[Tutorial] How to deny access for files with certain extension or folder in OpenLiteSpeed/CyberPanel

qtwrk

in apache .htaccess file , we have something like this to deny access for certain files that needs to be protected

<FilesMatch "(?i)((\.ini|\.log|\.txt))">
 Require all denied
</FilesMatch>

but OpenLiteSpeed doesn't read this.

so how do we deny access for files or folders ?

1. deny files with certain ext.

by simply added this code into your .htaccess

RewriteRule ^.*\.(log|ini|txt)$ - [F,L,NC]

so any files with .log , .ini and .txt should be denied from access.

2. deny folder to be accessed.

add following code into the bottom of "vhost main configuration" area, like in screenshots

context /system {
  type                    NULL
  location                /home/$VH_NAME/public_html/system
  allowBrowse             0
  addDefaultCharset       off
}

explain: this context will NOT allow any access to http(s)://domain/system

original posted here by myself , and translated by myself

kaz050457

what code for directory listing? i want to display file contents on may site, sample site.com/downloads

qtwrk

@kaz050457 said:
what code for directory listing? i want to display file contents on may site, sample site.com/downloads

sorry didn't see it in time , have you already figured this out ?

if not , this should help you

https://forums.cyberpanel.net/discussion/136/options-followsymlinks-ports-25-465-587#latest

Bert

Trying RewriteRule ^/.*\.(log|ini|txt)$ - [F,L,NC] but it does not seem to be working, I can still view and download .ini files.

qtwrk

try

^.*\.(log|ini|txt)$ - [F,L,NC]

Bert

qtwrk said:

try

^.*\.(log|ini|txt)$ - [F,L,NC]

Thank you qtwrk.

L3xD

Type your comment> @qtwrk said:
> in apache .htaccess file , we have something like this to deny access for certain files that needs to be protected
>
> <FilesMatch "(?i)((\.ini|\.log|\.txt))"> Require all denied</FilesMatch>
>
> but OpenLiteSpeed doesn't read this.
>
> so how do we deny access for files or folders ?
>
> 1. deny files with certain ext.
>
> by simply added this code into your .htaccess
>
> RewriteRule ^.*\.(log|ini|txt)$ - [F,L,NC]
>
> so any files with .log , .ini and .txt should be denied from access.
>
> 2. deny folder to be accessed.
>
> add following code into the bottom of "vhost main configuration" area, like in screenshots
>
> context /system { type NULL location /home/$VH_NAME/public_html/system allowBrowse 0 addDefaultCharset off}
>
> explain: this context will NOT allow any access to http(s)://domain/system
>
> original posted here by myself , and translated by myself :)

This is genius. And how to include certain IP from the global restriction of the folder? Is there an option for that?

qtwrk

Have you check this ?

https://openlitespeed.org/kb/access-control/

L3xD

Yes, and none of these are working. The only thing working is the vHost