Hi,
Been banging my head against this all day.
I want to deny access to a few directories, sending either 404 or 403 redirects.
The directories are related to matomo server.
The folders and files I’m trying to deny access to are:
https://stats.mydomain.net/config/config.ini.php
https://stats.mydomain.net/tmp/cache/tracker/matomocache_general.php
https://stats.mydomain.net/tmp/
https://stats.mydomain.net/tmp/empty
https://stats.mydomain.net/lang/en.json
The .htaccess below is doing something as the http->https redirect is working fine.
the server is however still happily allowing access to the directories and files in the list.
Im just a lowly front end dev and I know way too little about any of this stuff. Any help would be greatly appreciated.
RewriteEngine On
order deny,allow
deny from all
allow from mydomain.net
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R]
RewriteRule ^(config|tmp|core|lang).*$ - [F,L,NC]
## I also attempted to target the ini.php file with this line...
## RewriteRule ^ini\.php$ - [F,L,NC]
DO you have litespeed ent on your server
all rules are not compatible with ols
are you saying: not all rules are compatible, or: ‘all-rules’ are not compatible?
okay, so I guess I need to edit the vhost file then? I should be able to block access there, right?
what would a vhost rule like this look like?
I have searched the forums for an answer but no one ever seems to get past this point.
I’m at it again and I have progress to report:
I have now put this in the vHost Conf field in cyberpanel:
rewrite {
enable 1
autoLoadHtaccess 1
RewriteRule ^/(config|tmp|core|lang).*$ - [F,L,NC]
}
This kind of solves the problem in that it renders the contents of the directories inaccessible, but it weirdly doesn’t send the forbidden error outright, but apparently causes a redirect loop, which is abandoned after 5 times, after which finally a redirect to 403.hml is sent… I guess?
my vh conf:
docRoot /home/{... snip ... }/stats
vhDomain $VH_NAME
vhAliases www.$VH_NAME
adminEmails {... snip ... }
enableGzip 1
enableIpGeo 1
errorlog $VH_ROOT/logs/{... snip ... }.error_log {
useServer 0
logLevel WARN
rollingSize 10M
}
accesslog $VH_ROOT/logs/{... snip ... }.access_log {
useServer 0
logFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i""
logHeaders 5
rollingSize 10M
keepDays 10
compressArchive 1
}
index {
useServer 0
indexFiles index.php, index.html
}
errorpage 403 {
url 403.html
}
errorpage 404 {
url 404.html
}
errorpage 500 {
url 500.html
}
scripthandler {
add lsapi:{... snip ... } php
}
phpIniOverride {
}
extprocessor {... snip ... } {
type lsapi
address {... snip ... }
maxConns 10
env LSAPI_CHILDREN=10
initTimeout 60
retryTimeout 0
persistConn 1
pcKeepAliveTimeout 1
respBuffer 0
autoStart 1
path /usr/local/lsws/lsphp80/bin/lsphp
extUser {... snip ... }
extGroup {... snip ... }
memSoftLimit 2047M
memHardLimit 2047M
procSoftLimit 400
procHardLimit 500
}
context /.well-known/acme-challenge {
location /usr/local/lsws/Example/html/.well-known/acme-challenge
allowBrowse 1
rewrite {
}
addDefaultCharset off
phpIniOverride {
}
}
rewrite {
enable 1
autoLoadHtaccess 1
RewriteRule ^/(config|tmp|core|lang).*$ - [F,L,NC]
}
vhssl {
keyFile /etc/letsencrypt/live/{... snip ... }/privkey.pem
certFile /etc/letsencrypt/live/{... snip ... }/fullchain.pem
certChain 1
enableECDHE 1
renegProtection 1
sslSessionCache 1
enableSpdy 15
enableStapling 1
ocspRespMaxAge 86400
}
module cache {
storagePath /usr/local/lsws/cachedata/$VH_NAME
}