This page is about Caddy 1 and will stay here forever.

User Guide


internal protects all resources in the specified directory from external requests. Browsers (or any client) that directly requests a resource in the protected directory will receive a 404 Not Found status.

Because this directive supports the X-Accel-Redirect header, it is often used in conjunction with a backend proxy. Requests to a different URL than the internal one may be redirected to a proxy, which can set the X-Accel-Redirect header. When Caddy sees this coming from the proxy, it will allow access to the internal resource and send it to the client. This is also known sometimes as X-Sendfile.

This pattern handling requests allows a backend proxy to perform logging, authentication, and other things without the client having to deal with redirects.


internal path


To protect all contents of /internal from being served directly:

internal /internal

Part of an example Caddyfile that protects some resources but allows a proxy to grant access to them (the service listening on :9000 must set X-Accel-Redirect):

internal /internal proxy /redirect http://localhost:9000

Need help with this feature?

Join us in the Caddy forum, where the open source community gathers to share their knowledge.

Does your company use Caddy?

Purchase a commercial license to use Caddy with your business and for basic email support, along with other benefits!