pyed / ipfilter

ipfilter is a middleware for Caddy that blocks or allows requests based on the client's IP
https://caddyserver.com/docs/ipfilter
Apache License 2.0

order of multiple ipfilter blocks #37

Closed ccammilleri closed 5 years ago

ccammilleri commented 5 years ago

Can multiple ipfilter blocks exist with the same baseuri and block rule? And if so, does order matter?

Here is the config I had and the behavior I experienced...not sure if it was to be expected or not:

        ipfilter / {
                rule block
                database GeoLite2.mmdb
                country US CA
                blockpage blocked.html
        }
        ipfilter / {
                rule block
                ip 1.1.1.1
                blockpage blocked.html
        }

My traffic matches the first ipfilter and should be blocked, but since it doesn't match the second ipfilter the traffic is allowed.

I think this is what you mean in the readme by "the last rule action is applied", and I think I could just use one ipfilter block. However, being new to Caddy and ipfilter, when toggling these rules between block and allow during setup/testing, the behavior confused me.

Either way, great work on ipfilter!

pyed commented 5 years ago

Having two blocks with the same path can be a bit confusing, but it's how you described: the last block will be applied, so you can block a whole country except for a specific IP or IPs. In your example, if you switched the last block to allow, you'd have blocked all of the US except for 1.1.1.1 (assuming that IP is American).

krader1961 commented 5 years ago

I made a feeble attempt to clarify how this works when I updated https://github.com/pyed/ipfilter/blob/master/README.md (see the "Using mutiple ipfilter blocks" section) when I implemented the prefix_dir directive. That section would benefit from more text explaining the role of the basepath (e.g., /).
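
Added example, not part of the thread and not ipfilter's own code: a simplified Go model of the "last block will be applied" behaviour described above, run against the configuration from the issue, a single merged block (assuming one block may carry both `country` and `ip`), and the variant with the last block switched to allow. The type and function names and the IP-to-country table are constructed for illustration.

```go
package main

import "fmt"

// Block is a simplified model of one ipfilter block (hypothetical type,
// not the plugin's own data structure).
type Block struct {
	Allow     bool            // true for `rule allow`, false for `rule block`
	IPs       map[string]bool // addresses listed with `ip`
	Countries map[string]bool // codes listed with `country`
}

func set(v ...string) map[string]bool {
	m := map[string]bool{}
	for _, s := range v {
		m[s] = true
	}
	return m
}

// geo stands in for the GeoLite2 lookup; all entries are constructed.
var geo = map[string]string{"203.0.113.10": "US", "198.51.100.7": "DE", "1.1.1.1": "US"}

var (
	TwoBlocks = []Block{{Countries: set("US", "CA")}, {IPs: set("1.1.1.1")}}              // config from the issue
	Merged    = []Block{{Countries: set("US", "CA"), IPs: set("1.1.1.1")}}                // one combined block
	Switched  = []Block{{Countries: set("US", "CA")}, {Allow: true, IPs: set("1.1.1.1")}} // last block set to allow
)

// verdict is one block's own decision: `block` denies matches and allows the
// rest, `allow` does the opposite.
func (b Block) verdict(ip string) bool {
	return (b.IPs[ip] || b.Countries[geo[ip]]) == b.Allow
}

// Allowed models "the last block will be applied": each later block's
// verdict overwrites the earlier one.
func Allowed(blocks []Block, ip string) bool {
	allowed := true
	for _, b := range blocks {
		allowed = b.verdict(ip)
	}
	return allowed
}

func main() {
	for _, ip := range []string{"203.0.113.10", "198.51.100.7", "1.1.1.1"} {
		fmt.Println(ip, Allowed(TwoBlocks, ip), Allowed(Merged, ip), Allowed(Switched, ip))
	}
}
```

In this model the US address passes the two-block configuration because the second block does not match it, while the merged block denies both the US address and 1.1.1.1.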