Title: Serving a (g)zip bomb with Caddy
Date: 2025-02-01 16:45

Because [we can't have nice things on the
web](https://social.kernel.org/notice/AqJkUigsjad3gQc664), here is a stupid
trick to kill some bots without having to run multimegabyte binaries eating CPU
to run Markov Chains. First, create a hefty 10TB (g)zip bomb with `dd
if=/dev/zero bs=10k count=1G | gzip -9 > /etc/caddy/10T.gzip`. Don't worry, this
doesn't take disk space nor ram, only a bit of CPU and some time. Then, put
the following snippet in your Caddy configuration:

```caddy
handle /trap {
        file_server
        try_files /etc/caddy/10T.gzip
        header Content-Encoding gzip
        header Content-Type text/html
}
```

Hilarious side-note: if you don't put the `file_server` directive, things won't
work properly and you'll waste a lot of time trying to figure out why.

Anyway, check that things are *working* with `curl --compressed
https://dustri.org/trap --output /dev/null`, and if it's the case,
put a `Disallow: /trap` line in your
[`robots.txt`](https://en.wikipedia.org/wiki/Robots.txt) file,
and add a `<a hidden href="./trap">anti-ai trap</a>` somewhere on your
webpages.

Congratulations on making the web a better place.