Well, indeed shame on me.... Putting more specifc rules just after first "server" statements is a gamechanger. Good lesson of proper and coscious reading manuals and being more patient rather than googling stuff and bothering people. And yet another proof that if something is not working in OpenBSD it is me and my typos.
Thank you Tomasz pt., 12 mar 2021 o 13:38 Shane Lazarus <shane.laza...@pobox.com> napisaĆ(a): > > Heya > > A quick read of the man page shows that the rule is first match for > location stanzas. > > So if you want the sub-dirs to not be read, place them above the root > location in the conf file. > > > Tested on 6.8: > I get 403's for block stanza placed above root location stanza. > I get files served when block stanza placed below root location stanza. > > > Shane > > On Sat, Mar 13, 2021 at 12:49 AM T K <mono...@gmail.com> wrote: > > > > Hi there, > > > > I am trying to block direct access to given subfolder of > > simple php website hosted on OpenBSD 6.8 amd64. > > Inside webroot folder there are some subfolders > > containing html files I'd like to restrict for direct requests, > > as they are intended for including to php scripts, not > > direct viewing. > > > > What I want to achieve is to get 403 error while > > requesting "http://10.0.1.222/FOLDER/file.html";. > > This is say "development" server, accessible > > through local lan, listening on IP given below. > > > > My very simple config looks like this: > > > > server "10.0.1.222" { > > listen on 10.0.1.222 port 80 > > log style combined > > > > location "/*php*"{ > > root "/FOLDER" > > fastcgi socket "/run/php-fpm.sock" > > } > > > > directory { > > index "index.php" > > } > > > > location "/*" { > > root "/FOLDER" > > } > > > > location "/SUBFOLDER/*" {block} > > } > > > > Above does not work as I'd expect. > > Requesting "/SUBFOLDER" itself returns > > 403 code but hitting proper html filename > > gets suceeded with 200 code. > > I tried many versions of shell globes > > for "/SUBFOLDER/file" path but nothing changes > > described behaviour. I do not know if tere is > > problem in globe itself or in server config. > > No idea what to do, so any help appreciated. > > > > Tomasz(equi)Krol > >
