I’m trying to come up with a Caddyfile that prevents hidden files/dotfiles (files or folders starting with .*) from being served. This alone is easy enough with a path matcher and a redirect:
redir /.* /
However, I still want Caddy to serve hidden files if they are inside of the .well-known folder – which is a common place for metadata files or DNS ownership proof.
In other webservers I can solve this with a regex that uses “negative lookahed” – something like ^\/\.(?!well-known\/). However Caddys Regex engine (Google re2) does not support negative lookahead.
So how can I achieve this?