Doggo

Reputation: 11

Can't block external IPs in Caddy while using SSH remote port forwarding

I run a home server in my local network. Due to my DSL provider, I need to use SSH remote forwarding through a Vroot server to handle incoming requests. This setup works fine using the following command:

ssh -fN -R 80:localhost:80 -R 443:localhost:443 {sshident}

However, I want to restrict specific subdomains to only be accessible from my local network while still using Caddy to reverse proxy these subdomains with HTTPS.

The problem I'm encountering is that all incoming traffic appears to have the same remote_ip, making it difficult to block external requests effectively.

Here's an excerpt from the Caddy log:

INFO    http.log.access.log0    handled request {"request": {"remote_ip": "172.24.0.1", "remote_port": "51840", "client_ip": "172.24.0.1"

Is there a way to configure Caddy to differentiate between local and external requests, or to otherwise block external requests for certain subdomains?

My current Caddyfile:

pihole.{$DOMAIN} {
    log {
        output stdout
        format console
    }
    @denied not client_ip private_ranges
    abort @denied
    reverse_proxy {$PIHOLEIP}:80
    rewrite / /admin
}

Upvotes: 0

Views: 192
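
Why the `@denied` matcher in the Caddyfile above never fires for the logged address, shown as an added example that is not part of the original question: it applies the networks Caddy documents for `private_ranges` to access-log lines. The log lines, the host name and the addresses 192.168.1.20 and 203.0.113.7 are constructed for illustration.

```python
import ipaddress
import json
from collections import Counter

# Networks that Caddy's `private_ranges` shortcut expands to.
PRIVATE_RANGES = [
    ipaddress.ip_network(cidr, strict=False)
    for cidr in ("192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8",
                 "127.0.0.1/8", "fd00::/8", "::1")
]

def client_ip(log_line):
    """Return client_ip from a console-format access log line."""
    payload = json.loads(log_line[log_line.index("{"):])
    return ipaddress.ip_address(payload["request"]["client_ip"])

def is_denied(ip):
    """Evaluate `@denied not client_ip private_ranges` for one address."""
    return not any(ip in net for net in PRIVATE_RANGES)

def audit(log_lines):
    """Summarise which sources the matcher saw and whether it can tell them apart."""
    seen = Counter(client_ip(line) for line in log_lines)
    denied = sorted(str(ip) for ip in seen if is_denied(ip))
    return {
        "sources": {str(ip): n for ip, n in seen.items()},
        "denied": denied,
        # A single private source for every request means the ACL cannot
        # separate LAN clients from tunnelled ones.
        "collapsed": len(seen) == 1 and not denied,
    }

def _line(ip, port, host):
    # Constructed log line in the shape of the excerpt in the question.
    body = {"request": {"remote_ip": ip, "remote_port": port,
                        "client_ip": ip, "host": host}, "status": 200}
    return "INFO\thttp.log.access.log0\thandled request\t" + json.dumps(body)

# Constructed sample: every request carries the address from the question's log.
TUNNELLED = [_line("172.24.0.1", "51840", "pihole.example.test"),
             _line("172.24.0.1", "51902", "pihole.example.test")]
# Constructed contrast: what the matcher would see if source addresses survived.
PRESERVED = [_line("192.168.1.20", "40112", "pihole.example.test"),
             _line("203.0.113.7", "40260", "pihole.example.test")]

if __name__ == "__main__":
    print(audit(TUNNELLED))
    print(audit(PRESERVED))
```

172.24.0.1 falls inside 172.16.0.0/12, so the first audit reports no denied sources and `collapsed` as true; the second shows the matcher denying only the public address once sources are distinguishable.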

Answers (0)