Accessible No at context level allows to get files from the non accessible folder

kvv213

New Member
#1
Hello Everyone!

I'm new in OLS and would like to migrate to it from Apache. And I faced a problem how to close an entire directory from access from the internet. The directory is inside html pages and is required for working of other services.

In Apache I can close a dir with all files in it with just two lines in .htaccess:
Order allow,deny
Deny from all

In OLS we don't have such a thing. But we can organize a context that points to this dir and make it is not accessible:
1668288324645.png

In that case I can't get access to this dir from web. But I can get access to the files in that dir if I know their names. This is a strange behaviour.

According to a documentation I can also use Rewrite. But I don't understand how to form in in a correct way.
 

kvv213

New Member
#3
What about adding a .htaccess file with the following rule under the .sync folder.
Code:
RewriteRule .* - [F,L]
Yes, that worked well.

Mine problem was in two things:
1. I was trying to make redirects not at the folder level in .htaccess but at VirtualHost level and that didn't work.
2. The browser I used somehow cashed a test file I used to check the accessibility so it always was available.

Anyway the thing with Static Context Accessible is till a mystery.
 

Cold-Egg

Administrator
#4
1. Need more information about how you do the redirect via virtual host level so we can help.
2. Maybe a browser cache, just clean up the data, or test it via an incognito browser.

The context works with my test, files also got a 403 return, but if you test a file under another folder, then it may not match the context rule.
Expect result
/.sync/abc/test.txt = 200
/.sync/test.txt = 403
 

kvv213

New Member
#5
1. Need more information about how you do the redirect via virtual host level so we can help.
2. Maybe a browser cache, just clean up the data, or test it via an incognito browser.

The context works with my test, files also got a 403 return, but if you test a file under another folder, then it may not match the context rule.
Expect result
/.sync/abc/test.txt = 200
/.sync/test.txt = 403
As to redirects via RewriteRule - the problem was in the browser cache. So not it works well.

Regarding to access via Context I can't confirm your results. I used Example site:
/html/blocked/file.txt 403
/html/blocked/t/file.txt 403

Anyway this works as it was expected. The behaviour when I could get a file from a blocked directory is again browser cache. I think.
 
Top