[Tutorial] How to deny access for files with certain extension or folder in OpenLiteSpeed/CyberPanel
in apache .htaccess file , we have something like this to deny access for certain files that needs to be protected
<FilesMatch "(?i)((\.ini|\.log|\.txt))">
Require all denied
</FilesMatch>
but OpenLiteSpeed doesn't read this.
so how do we deny access for files or folders ?
1. deny files with certain ext.
by simply added this code into your .htaccess
RewriteRule ^.*\.(log|ini|txt)$ - [F,L,NC]
so any files with .log , .ini and .txt should be denied from access.
2. deny folder to be accessed.
add following code into the bottom of "vhost main configuration" area, like in screenshots
context /system {
type NULL
location /home/$VH_NAME/public_html/system
allowBrowse 0
addDefaultCharset off
}
explain: this context will NOT allow any access to http(s)://domain/system
original posted here by myself , and translated by myself 
Tagged:
Tagged:
Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Comments
what code for directory listing? i want to display file contents on may site, sample site.com/downloads
sorry didn't see it in time , have you already figured this out ?
if not , this should help you
https://forums.cyberpanel.net/discussion/136/options-followsymlinks-ports-25-465-587#latest
^.*\.(log|ini|txt)$ - [F,L,NC]
> in apache .htaccess file , we have something like this to deny access for certain files that needs to be protected
>
> <FilesMatch "(?i)((\.ini|\.log|\.txt))"> Require all denied</FilesMatch>
>
> but OpenLiteSpeed doesn't read this.
>
> so how do we deny access for files or folders ?
>
> 1. deny files with certain ext.
>
> by simply added this code into your .htaccess
>
> RewriteRule ^.*\.(log|ini|txt)$ - [F,L,NC]
>
> so any files with .log , .ini and .txt should be denied from access.
>
> 2. deny folder to be accessed.
>
> add following code into the bottom of "vhost main configuration" area, like in screenshots
>
> context /system { type NULL location /home/$VH_NAME/public_html/system allowBrowse 0 addDefaultCharset off}
>
> explain: this context will NOT allow any access to http(s)://domain/system
>
> original posted here by myself , and translated by myself :)
This is genius. And how to include certain IP from the global restriction of the folder? Is there an option for that?
https://openlitespeed.org/kb/access-control/
There are some trick to restrict access to directory and allow access to certain IP?
> Yes, and none of these are working. The only thing working is the vHost
Thanks. Kept trying (for about 1 hour) and could not believe that official documentation is piece of s**t.
[email protected]:/home/example.com/public_html# echo "test" > test.ini
[email protected]:/home/example.com/public_html# echo "test" > test.log
[email protected]:/home/example.com/public_html# echo "RewriteRule ^.*\.(log|ini|txt)$ - [F,L,NC]" > .htaccess
[email protected]:/home/example.com/public_html# systemctl restart lsws
[email protected]:/home/example.com/public_html# curl -I -XGET --resolve example.com:80:127.0.0.1 http://example.com/test.txt
HTTP/1.1 403 Forbidden
Content-Type: text/html
Cache-Control: private, no-cache, max-age=0
Pragma: no-cache
Content-Length: 1227
Date: Sun, 14 Mar 2021 21:49:14 GMT
Server: LiteSpeed
Connection: Keep-Alive
[email protected]:/home/example.com/public_html# curl -I -XGET --resolve example.com:80:127.0.0.1 http://example.com/test.log
HTTP/1.1 403 Forbidden
Content-Type: text/html
Cache-Control: private, no-cache, max-age=0
Pragma: no-cache
Content-Length: 1227
Date: Sun, 14 Mar 2021 21:49:16 GMT
Server: LiteSpeed
Connection: Keep-Alive
[email protected]:/home/example.com/public_html# curl -I -XGET --resolve example.com:80:127.0.0.1 http://example.com/test.ini
HTTP/1.1 403 Forbidden
Content-Type: text/html
Cache-Control: private, no-cache, max-age=0
Pragma: no-cache
Content-Length: 1227
Date: Sun, 14 Mar 2021 21:49:20 GMT
Server: LiteSpeed
Connection: Keep-Alive
did you restart OLS after you change htaccess ?
> ^.*\.(log|ini|txt)$ - [F,L,NC]" > .htaccess
I was talking about folders.
> @qtwrk said:
> did you restart OLS after you change htaccess ?
Yes, each of those 30 or 40 times I made the change, it would worked even with vhost configuration if I wouldn't restart, right?
In this link - https://openlitespeed.org/kb/access-control/
It mentions:
RewriteRule ^test/.*$ - [F,L]
and, while stating, that "The difference is the forward slash."
RewriteRule ^test/.*$ - [F,L]
I can't see the difference. Location, color and size looks the same.
[email protected]:/home/example.com/public_html# echo "RewriteRule ^test/.*$ - [F,L]" > .htaccess
[email protected]:/home/example.com/public_html# systemctl restart lsws
[email protected]:/home/example.com/public_html# curl -I -XGET --resolve example.com:80:127.0.0.1 http://example.com/test/test.html
HTTP/1.1 403 Forbidden
Content-Type: text/html
Cache-Control: private, no-cache, max-age=0
Pragma: no-cache
Content-Length: 1227
Date: Sun, 14 Mar 2021 23:02:09 GMT
Server: LiteSpeed
Connection: Keep-Alive
works on me
now you mention it , it's not s**t , but a typo
it should be ^/test/ vs ^test/
I mailed OLS staffs to correct it though.
>
> works on me
>
>
> now you mention it , it's not s**t , but a typo
>
> it should be ^/test/ vs ^test/
>
> I mailed OLS staffs to correct it though.
None of these worked for me anyway, as I mentioned already. So considering this and typo, it still smells the same.
did you put this rule at top ? , the L flag will change the result of rewrite rule based on their location in the htaccess , and forbid ones should be at top of it
> I just tested this and it works on me
>
> did you put this rule at top ? , the L flag will change the result of rewrite rule based on their location in the htaccess , and forbid ones should be at top of it
Oh yes, I know this very well. Well, as long as it works with vhost configuration, I'm fine. Just lost some time. If I have further folders to secure in the future, I'll try to investigate deeper.