Deny access to zip files

[iRafaelG]

Hello everyone,

I have installed Cyberpanel with OpenLiteSpeed to build my digital product store. I am using Wordpress with Easy Digital Download.

This plugin will create a .htaccess file in "/wp-content/uploads/edd/" to be able to deny direct access to files, but it contains some rules that openlitespeed does not support:


Options -Indexes
deny from all
<FilesMatch '\.(jpg|jpeg|png|gif|mp3|ogg)$'>
Order Allow,Deny
Allow from all
</FilesMatch>


I've been trying all day to deny direct access to files. I've created contexts, I've read the documentation, I've tried to do it with rewrite rules ... but I can't. I do not know what to do. Can anybody help me?

Best regards.

 

[gilles]

Rewrite rules won't work as OLS does not support them for file access.
What file extensions are you trying to allow/deny access to?
Do you want to allow access to all jpg|jpeg|png|gif|mp3|ogg files and deny everything else?

 

[gilles]

UPDATED

You can create a static context at the virtual host level using the following expression:

exp:\.(zip)$

then set Location as:

$DOC_ROOT$0

and set Accessible to 'No'.

Leaving the location empty should work too.

 

[gilles]

@Cold-Egg: It would be great if there was an example to show how to allow specific file extensions and deny all others. Using the negative match operator (?!) from Perl extended regular expressions does not seem to work.

 

[iRafaelG]

Hello there,

I have done it! I don't know why it didn't work for me the first time, I think I didn't restart the server xD

I paste the solutions here in case someone needs them in the future. There are two ways to do it:

.htaccess
(If there is more than one .htaccess file, put the rewriterule in the .htaccess of the directory you want to protect. In my case in: "/wp-content/uploads/edd/.htaccess")

RewriteRule ^.*\.(txt|zip)$ - [F,L,NC]


context
(The "type null" is also valid. Paste the context at the bottom of: Cyberpanel > Website > List websites > Choose a web from the list > vHost Config )

context exp:^.*\.zip$ {
type static
location /home/$VH_NAME/public_html/wp-content/uploads/add/
allowBrowse 0
addDefaultCharset off
}


After applying the solution, restart litespeed.

Thank you very much for your help @gilles. What you propose also seems like a good idea to me ("if there was an example to show how to allow specific file extensions and deny all others").

Best regards.

 

[Cold-Egg]

Hi @gilles ,

Yes, both methods should work. To use .htaccess, we will need to refactor the FilesMatch rules to RewriteRule.

 

[iRafaelG]

Hi again,

@Cold-Egg, in the future... will Openlitespeed support other rules like filematch or just rewriterules?

Best regards

 

[gilles]

@Cold-Egg: Any chance support for Perl extended regular expressions could be added for contexts?

 

[Cold-Egg]

Hi @iRafaelG, OLS wont support <FilesMatch>, but rewrite rule or use context in vhost config as workaround works.

Hi @gilles, I can pass the request to the developer.