how to prevent hotlinking with Caddy

jun 19 2022 updated aug 31 2022

recently, some people starting hotlinking to one of my websites in a way i didn't like. to prevent that, i added this to my Caddyfile:

/etc/caddy/Caddyfile

@hp {
  path /to/protect/*
  not header Referer https://yourdomain.tld*
}
              
respond @hp "Hotlinking is not allowed" 403 {
  close
}

once you reload caddy, you should find that all requests to the path specified will return a 403 unless originating from the specified domain.

if you'd like to add something like an age gate, you can instead use the rewrite directive to redirect internally to a page that contains the age gate, and then include an anchor element with an empty link to send the user through. this is how i have things set up now on my art website.