Deny Access to a Directory with Rewrite Rules

ldavid · May 23, 2023, 2:22am

Hello, I have read this article:
https://openlitespeed.org/kb/access-control/
added this to .htaccess

matomo directories

RewriteRule ^.git/.$ - [F,L]
RewriteRule ^core/.$ - [F,L]
RewriteRule ^config/.$ - [F,L]
RewriteRule ^lang/.$ - [F,L]
RewriteRule ^temp/.*$ - [F,L]

restarted litespeed - the rule is not working and the file path is available in a browser

when I loginto litespeed :7080 i see the rewrite table says: Rewrite Map (Disabled by CyberPanel)

so, how to deny access to directories?

josephgodwinke · May 23, 2023, 7:46am

Hello @ldavid

Why dont you use context like this

context {
  uri /folderxyz/
  accessControl {
    deny 
  }
  location folderxyz/
}

ldavid · May 23, 2023, 12:32pm

in .htaccess?

josephgodwinke · May 23, 2023, 2:59pm

No in vHost config of the website

ldavid · May 23, 2023, 3:10pm

sorry, its not that clear. here is what I have in vhost in cyberpanel ( not litespeed)

docRoot $VH_ROOT/public_html
vhDomain $VH_NAME
vhAliases www.$VH_NAME
adminEmails nick@ciso.com
enableGzip 1
enableIpGeo 1

errorlog $VH_ROOT/logs/$VH_NAME.error_log {
useServer 0
logLevel WARN
rollingSize 10M
}

accesslog $VH_ROOT/logs/$VH_NAME.access_log {
useServer 0
logFormat “%h %l %u %t “%r” %>s %b “%{Referer}i” “%{User-Agent}i””
logHeaders 5
rollingSize 10M
keepDays 10
compressArchive 1
}

index {
useServer 0
indexFiles index.php, index.html
}

scripthandler {
add lsapi:matci7618 php
}

phpIniOverride {
php_admin_value open_basedir “/tmp:$VH_ROOT”
}

extprocessor matci7618 {
type lsapi
address UDS://tmp/lshttpd/matci7618.sock
maxConns 10
env LSAPI_CHILDREN=10
initTimeout 600
retryTimeout 0
persistConn 1
pcKeepAliveTimeout 1
respBuffer 0
autoStart 1
path /usr/local/lsws/lsphp81/bin/lsphp
extUser matci7618
extGroup matci7618
memSoftLimit 2047M
memHardLimit 2047M
procSoftLimit 400
procHardLimit 500
}

context /.well-known/acme-challenge {
location /usr/local/lsws/Example/html/.well-known/acme-challenge
allowBrowse 1

rewrite {
enable 0
}
addDefaultCharset off
}

rewrite {
enable 1
autoLoadHtaccess 1
}

vhssl {
keyFile /etc/letsencrypt/live/mat.ciso.com/privkey.pem
certFile /etc/letsencrypt/live/mat.ciso.com/fullchain.pem
certChain 1
enableECDHE 1
renegProtection 1
sslSessionCache 1
enableSpdy 15
enableStapling 1
ocspRespMaxAge 86400
}

module cache {
storagePath /usr/local/lsws/cachedata/$VH_NAME
}

context {
uri /config/
accessControl {
deny
}
location config/
}

josephgodwinke · May 23, 2023, 3:32pm

Now add the context below this context

ldavid · May 23, 2023, 3:38pm

that broke litespeed completely

luckyrajpurohit · May 23, 2023, 7:35pm

https://openlitespeed.org/kb/ols-configuration-examples/

context /blocked/ {
allowBrowse 0
}