In the post-"AI" era, most of the HTTP requests are issued by grabbers, trying to train their bullshit "AI" without permission. If you do that, I can't prevent it in any way, but here's my finger.
Now, a number of projects mitigate this problem by using Cloudflare, or products such as Anubis. I speculated that basic HTTP authentication is probably enough to stop scrapers.
Will my approach work? Time will tell. For sure it is not good for usability, but if you are the kind of person who can understand the protected content, chances are that you also know how log in, and that you are smart enough to figure out the credentials.
The username and password required to enter the protected pages are, in fact, not a secret. They are literally available and visible (hint: case-sensitive, punctuation matters) on my exquisitely nerdy 401 error landing page.
You can reach it either by canceling/failing the login, or by clicking here.
