diff --git a/Network.md b/Network.md
index 1348867..736068c 100644
--- a/Network.md
+++ b/Network.md
@@ -65,6 +65,17 @@ openpi.alogins.net {
     file_server browse
 }
 
+# Ad-hoc file sharing — explicit per-file path mapping, no directory listing
+dl.alogins.net {
+    @chiefx8 path /chief-x8.zip
+    handle @chiefx8 {
+        root * /mnt/misc/qbittorrent/downloads
+        rewrite * "/Chief Architect Premier X8 18.1.1.4 Portable.zip"
+        file_server
+    }
+    respond 404
+}
+
 # VPN proxy (3X-UI)
 vui3.alogins.net {
     @xhttp { path /VLSpdG9k/xht* }
@@ -100,6 +111,10 @@ sudo systemctl enable --now caddy
 
 **HTTP/3 disabled globally** — the top-level `protocols h1 h2` option forces HTTP/1.1 and HTTP/2 only. OnlyOffice editor assets stall over HTTP/3 on distant connections (Caddy aborts with `writing: timeout: no recent network activity`), which breaks the Seafile → OnlyOffice flow. HTTP/2 handles the same payloads without issue.
 
+### Ad-hoc file sharing pattern
+
+Use `dl.alogins.net` for temporary public downloads. Map each file to an explicit short path inside a `handle` block; default to `respond 404` so the host does not leak structure. Caddy runs as the `caddy` user — make sure the file is world-readable (`chmod o+r`) or accessible to that user. Remove the `handle` block when no longer needed.
+
 ### Hairpin NAT
 
 The router does not support hairpin NAT — the server cannot reach its own public IP from within the LAN. Services that need to call back to a public domain from the host or from Docker containers must use local overrides.