From ebb41ec32ec97680b984fc6b82d3604ee057b8be Mon Sep 17 00:00:00 2001
From: William Desportes <williamdes@wdes.fr>
Date: Mon, 30 Jun 2025 06:18:11 +0000
Subject: [PATCH] Improve the Caddy example & add an example to block admin

---
 Proxy-examples.md | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/Proxy-examples.md b/Proxy-examples.md
index 8894d86..65c4439 100644
--- a/Proxy-examples.md
+++ b/Proxy-examples.md
@@ -17,7 +17,7 @@ Caddy 2 will automatically enable HTTPS in most circumstances, check the [docs](
 In the Caddyfile syntax, `{$VAR}` denotes the value of the environment variable `VAR`.
 If you prefer, you can also directly specify a value instead of substituting an env var value.
 
-```
+```Caddy
 
 # Uncomment this in addition with the import admin_redir statement allow access to the admin interface only from local networks
 # (admin_redir) {
@@ -73,6 +73,15 @@ If you prefer, you can also directly specify a value instead of substituting an
   # Uncomment to allow access to the admin interface only from local networks
   # import admin_redir
 
+  # Uncomment to allow access to the admin interface only from the specified forwarded IPs (proxied Cloudflare for example)
+  # @not_allowed_admin {
+  #     path /admin*
+  #     Trusted IPs one and two
+  #     not remote_ip forwarded xx.xx.xx.xx/32 xx.xx.xx.xx/32
+  # }
+
+  # respond @not_allowed_admin "401 - {http.request.header.Cf-Connecting-Ip} is not an allowed IP." 401
+
   # Proxy everything to Rocket
   # if located at a sub-path the reverse_proxy line will look like:
   #   reverse_proxy /subpath/* <SERVER>:80