Since then I’ve been using Apache and Nginx. Now I’d like to switch to Caddy because of the h3 support.
A pity that regular expression negative lookaheads aren’t supported in Caddy.
Now I’m trying to find a way around it, and it might be a feature request(?).
Here is how the config looked in Apache/Nginx:
Apache:

    <IfModule mod_authz_core.c>
        <LocationMatch "(^|/)\.(?!well-known/)">
            Require all denied
        </LocationMatch>
    </IfModule>

It does the exact same thing, but the expression is shorter and more expressive because it’s an actual boolean expression. Easier to read, easier to modify.
You could even use the actual path matcher within the expression like this, which is a bit shorter but probably slightly slower because it has to do more function invocations under the hood (we’re talking about nanoseconds here, not an appreciable difference):
It’s because we’re using Go, which uses RE2 as the regexp engine. See https://swtch.com/~rsc/regexp/regexp3.html#analysis for an explanation of why it doesn’t support it. Essentially, lookaheads (and anything with backreferences) don’t have predictable performance, so they’re risky to use in situations where the regexp might be user input. In general, regular Go code can do a better job of doing the same tasks if absolutely necessary.
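
To illustrate the last point of the thread, here is an added example (not part of the original posts and not Caddy's own code) showing that Go's `regexp` package rejects the Apache pattern and how the same deny rule can be written as plain Go. The function names and sample paths are hypothetical, and the input is assumed to be the already decoded request path.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// lookaheadCompiles reports whether Go's regexp package accepts the
// pattern from the Apache config. It does not: RE2 syntax has no (?!...).
func lookaheadCompiles() bool {
	_, err := regexp.Compile(`(^|/)\.(?!well-known/)`)
	return err == nil
}

// deniedDotPath reports whether p would match (^|/)\.(?!well-known/):
// some path segment starts with "." and is not followed by "well-known/".
// Assumption: p is the already decoded request path.
func deniedDotPath(p string) bool {
	for i := 0; i < len(p); i++ {
		// A candidate is a "." at the start of the path or right after "/".
		if p[i] != '.' || (i > 0 && p[i-1] != '/') {
			continue
		}
		// The negative lookahead, written as an ordinary prefix test.
		if !strings.HasPrefix(p[i+1:], "well-known/") {
			return true
		}
	}
	return false
}

func main() {
	fmt.Println("lookahead compiles:", lookaheadCompiles())
	// Constructed sample paths.
	for _, p := range []string{
		"/.well-known/acme-challenge/token",
		"/.well-known",
		"/.well-known/.env",
		"/.git/config",
		"/index.html",
	} {
		fmt.Printf("%-36s denied=%v\n", p, deniedDotPath(p))
	}
}
```

As with the original pattern, `/.well-known` without a trailing slash and dotfiles nested below `/.well-known/` are still denied.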