This page is about Caddy 1, but Caddy 2 is now in beta. Click here for Caddy 2. Thank you for your patience as we transition!

User Guide


internal protects all resources in the specified directory from external requests. Browsers (or any client) that directly requests a resource in the protected directory will receive a 404 Not Found status.

Because this directive supports the X-Accel-Redirect header, it is often used in conjunction with a backend proxy. Requests to a different URL than the internal one may be redirected to a proxy, which can set the X-Accel-Redirect header. When Caddy sees this coming from the proxy, it will allow access to the internal resource and send it to the client. This is also known sometimes as X-Sendfile.

This pattern handling requests allows a backend proxy to perform logging, authentication, and other things without the client having to deal with redirects.


internal path


To protect all contents of /internal from being served directly:

internal /internal

Part of an example Caddyfile that protects some resources but allows a proxy to grant access to them (the service listening on :9000 must set X-Accel-Redirect):

internal /internal proxy /redirect http://localhost:9000

Need help with this feature?

Join us in the Caddy forum, where the open source community gathers to share their knowledge.

Does your company use Caddy?

Purchase a commercial license to use Caddy with your business and for basic email support, along with other benefits!