I was pondering the same for last couple of days and had some thoughts on how to make it feasible. My research led me so far to 2 prerequisites:

1. must have Anubis in front
2. must have a WAF solution in place that covers at least OWASP Top 10

I found pretty good Caddy documentation that covers both, so I think I’ll deploy a secondary Caddy reverse proxy that’ll perform such ops for public facing services.

Of course, I currently have only 1 Caddy instance reverse proxying my internal services, haven’t reached the part on traffic handling when my devices are connected to the “safe network” (aka my home LAN)

• WAF
• Anubis