setting up a simple age gate with Caddy
while i've previously explained basic hotlink prevention on here, age gates are also a very useful way to prevent problems from links to unexpected parts of your website without stopping users from seeing the content if they want to see it. instead of using client-side JavaScript to do it, however, i use a bit of Caddy magic.
first, you're going to need to create the layout for your age gate page. all that matters is that it has a "yes" and "no" buttons as anchor tags. set up the links to be something like this:
<div class="buttons">
<a href="">yes</a>
<a href="/">no</a>
</div>
note how the "yes" button links to "". this will essentially reload the page, except with the Referer1 set to our domain instead of the domain the link was on. the "no" button can link to wherever you want it to go.
now, to set up Caddy. start by placing the new page you've just made in a convenient location, like /hotlink.html, then add something like this to your Caddyfile:
@hp {
path /nsfw*
not header Referer https://moth.wtf*
not header_regexp User-Agent (.*)[Bb]ot(.*)
}
rewrite @hp /hotlink.html
now, when someone is linked from outside your website to the /nsfw section, they'll be shown a polite warning. if they say yes, they will then be shown the content at the link. if you want to block all links behind the age gate, and not just a single section, just make the path matcher "/*" instead.
note how we also use regex to look for any user agent with "bot" or "Bot" in it, and allow them through as well. this will ensure that we don't accidentally block any useful bots from seeing the site.
on our personal art website, we also have a static version of the age gate at /nsfw/warning/, which links to /nsfw/, for internal linking to the adults-only section from the main index page.
1. yes, that is how the header is spelled. for historical reasons, nobody can fix it.