Hotlink prevention in Caddy 2.0

One of the fonts on my website requires me to do hotlink prevention as part of its license. This is how I implemented it using Caddy 2.0.

It wasn’t obvious to me where the @fontPirate block could go. On my third attempt, putting it inside the www.example.com block worked*.

example.com {
	redir https://www.example.com{uri}
}

www.example.com {
	root * /var/www
	
	file_server
	
	@fontPirate {
		path /fonts/commercial/*
		not header Referer https://www.example.com*
	}
	
	respond @fontPirate "Access denied" 403 {
		close
	}
}

* It didn’t work at the end; I got an error complaining that @fontPirate hadn’t been defined yet. It also didn’t work as the first thing in the file; I got an error complaining that path was an unrecognized directive.

2 Likes