OK, newbie question here. I have a file called .user.ini created by the Wordpress "Wordfence" plugin. Wordfence is complaining this file (which it created) is accessible.
So the external address of the fuile would be:
https://mysite.com/.user.ini
I've tried blocking it using a RewriteRule (in the RewriteRule vhost section) such as the rule outlined in this post here:
https://forum.openlitespeed.org/threads/how-to-block-access-to-xmlrpc-php-file.2570/
Using a rule identical to the one in that post but with .user.ini added doesn't work as expected - for example:
RewriteRule ^/(xmlrpc\.php|wp-trackback\.php|\.user\.ini) - [F,L,NC]
This blocks xmlrpc.php and wp-trackback.php with a 403 fine, but access to .user.ini is still allowed. I've also tried this without backslashes (and/or removing the initial one).
I've also tried adding a context, either a unique context just for that filename or a general / context with a disallow in the rewrite rules similar to above. Still didn't work.
Is there something special about the fact it's a dot file?
So the external address of the fuile would be:
https://mysite.com/.user.ini
I've tried blocking it using a RewriteRule (in the RewriteRule vhost section) such as the rule outlined in this post here:
https://forum.openlitespeed.org/threads/how-to-block-access-to-xmlrpc-php-file.2570/
Using a rule identical to the one in that post but with .user.ini added doesn't work as expected - for example:
RewriteRule ^/(xmlrpc\.php|wp-trackback\.php|\.user\.ini) - [F,L,NC]
This blocks xmlrpc.php and wp-trackback.php with a 403 fine, but access to .user.ini is still allowed. I've also tried this without backslashes (and/or removing the initial one).
I've also tried adding a context, either a unique context just for that filename or a general / context with a disallow in the rewrite rules similar to above. Still didn't work.
Is there something special about the fact it's a dot file?
