Access restriction in caddy web server

My Caddyfile is pretty easy and looks like this:

:80
tls off
root /var/www
gzip
fastcgi / /var/run/php5-fpm.sock php

Is it possible to restrict access to /var/www/secret, so http://localhost/secret/secretfile.txt is no longer accessible?

Solution

You can use either basicauth or internal to achieve this. Since you want a secret directory, internal would be my recommendation here.

basicauth

basicauth /secret username password

Still accessible, but protected with username/password.

internal

internal /secret

Not accessible, throws a 404 Not Found status.

Protected and "package-private" visibility when inheriting from class in different package
How to restrict access by particular user to bucket using bucket level policy in MinIO?
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access
What is the simplest way to restrict access to a static website using social auth
AWS: Cross account access fails with not authorized to access this resource
Drupal 7 Access Callback Not Working Properly
Check if online resource is reachable with JavaScript, not requiring the The Same Origin Policy to allow it
Unable to View Roles in Storage Account in Azure getting Blank
Does anyone know details about PERM-AR-DO?
Creating a Limited Privilege PostgreSQL Role for Backend Server
Ajax API call Access-Control-Allow-Origin. Origin not allowed access
Cloud Run/Build artifacts buckets are created with Fine Grained access policy by default
ClickHouse SQL driven access control replication
Memory Access Control in Windows Memory Management
XACML how to efficiently control Access to Collections (Lists) of Resources
A MongoDB "userAdminAnyDatabase" user cannot admin users in "any database". Why?
Azure DevOps - Decode ACE permission bits
What is the difference between Policy Target and Rule Target in ALFA or XACML?
How to format Ceph S3 bucket-policy Principal?
MLRun, Role issue - Read only mode for Events, Identity, Grafana, etc
How to make an instance property only visible to subclass?
Symfony2 - set security access_control to allow only authenticated anonymously
Why do memberwise initializers become 'private' when the structure contains a private property?
How do I use Access-Control-Allow-Origin? Does it just go in between the html head tags?
Granular access to directories within monorepo
Auth0 access control
Property must be declared fileprivate because its type ... uses a private type
How to get data from Quizlet without API using Node.js
Directory.CreateDirectory access to path is denied?
Retrieve ACL of specific file with Google Cloud Storage Client Library for Java