Access Control
Apache users can utilize directives in .htaccess to control access to certain directories or files, like so:
Order Deny,Allow
Deny from all
However, OpenLiteSpeed only supports .htaccess for rewrite rules, and not for directives. So, OpenLiteSpeed provides other methods for controlling access.
Deny Access to a Directory with Rewrite Rules
Let's say we want to deny access to the /test/ directory. The simplest way is to use a rewrite rule, like this one:
RewriteRule ^/test/.*$ - [F,L]
You can put the rule in .htaccess or use the Rewrite tab in WebAdmin, like so:
Once the new rewrite rule is added, restart OpenLiteSpeed to make it take effect, and test by visiting the site again:
As you can see, access to the /test/ directory is now denied for all visitors.
Auto Load from .htaccess
If Auto Load from .htaccess is set to Yes, then use this rule instead:
RewriteRule ^test/.*$ - [F,L]
The difference is the forward slash. Please take a look at our documentation on Apache rewrite rules for more details about this difference.
Allow Access to a Directory for a Single IP with Rewrite Rules
You can customize the above rewrite rule to allow access only for a certain IP address, like so:
RewriteCond %{REMOTE_ADDR} !^192\.0\.2\.0$
RewriteRule ^test/.*$ - [F,L]
This set of rules will only allow access to the /test/ directory if the visitor IP is 192.0.2.0.
Tip
If you have Cloudflare or a reverse proxy over your site, you must make sure that Server Configuration > General > Use Client IP in Header is properly set; otherwise you will always see Cloudflare's IP.
Controlling Access to a Directory with a Static Context
Set Accessible to No to deny access to everyone.
You can exert more granular control on a URI's access by setting Accessible to Yes. Use Access Allowed and Access Denied to filter the types of visitors to allow and deny access, like so:
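The two points above (the leading slash depends on Auto Load from .htaccess, and the REMOTE_ADDR condition is a regular expression) can be checked before a rule is deployed. The following is an added example, not OpenLiteSpeed code: a simplified Python model of rule matching that assumes per-directory matching strips the leading slash, and uses a constructed allowed address, 192.0.2.1, to show why the condition should end in `$`.

```python
import re

def rule_subject(url_path, auto_load_htaccess):
    """String the RewriteRule pattern is tested against (simplified model).
    Assumption: with Auto Load from .htaccess = Yes the rule is matched
    per-directory style, so the leading slash is stripped first."""
    if auto_load_htaccess and url_path.startswith("/"):
        return url_path[1:]
    return url_path

def cond_holds(cond, value):
    """Evaluate a RewriteCond pattern; a leading '!' negates the match."""
    negate = cond.startswith("!")
    hit = re.search(cond[1:] if negate else cond, value) is not None
    return hit != negate

def is_forbidden(url_path, remote_addr, cond, pattern, auto_load_htaccess):
    """True if RewriteCond %{REMOTE_ADDR} <cond> + RewriteRule <pattern> - [F,L]
    answers 403. cond=None means the rule has no condition."""
    if not re.search(pattern, rule_subject(url_path, auto_load_htaccess)):
        return False  # rule never fires, so the request is served normally
    return cond is None or cond_holds(cond, remote_addr)

SLASH_RULE = r"^/test/.*$"        # page's rule when Auto Load is not enabled
NO_SLASH_RULE = r"^test/.*$"      # page's rule for Auto Load from .htaccess = Yes
PAGE_COND = r"!^192\.0\.2\.0"     # page's condition
LOOSE_COND = r"!^192\.0\.2\.1"    # constructed: same shape, other address
STRICT_COND = r"!^192\.0\.2\.1$"  # constructed: end-anchored variant

def audit(path="/test/secret.txt", outsider="198.51.100.7"):
    """Run constructed requests through the model; returns {label: blocked}."""
    return {
        "slash rule, auto load off": is_forbidden(path, outsider, None, SLASH_RULE, False),
        "slash rule, auto load on": is_forbidden(path, outsider, None, SLASH_RULE, True),
        "no-slash rule, auto load on": is_forbidden(path, outsider, None, NO_SLASH_RULE, True),
        "page cond, 192.0.2.0": is_forbidden(path, "192.0.2.0", PAGE_COND, NO_SLASH_RULE, True),
        "page cond, outsider": is_forbidden(path, outsider, PAGE_COND, NO_SLASH_RULE, True),
        "loose cond, 192.0.2.10": is_forbidden(path, "192.0.2.10", LOOSE_COND, NO_SLASH_RULE, True),
        "strict cond, 192.0.2.10": is_forbidden(path, "192.0.2.10", STRICT_COND, NO_SLASH_RULE, True),
    }

if __name__ == "__main__":
    for label, blocked in audit().items():
        print(f"{label:28} -> {'403' if blocked else 'served'}")
```

A rule written for the wrong Auto Load setting never matches, so the directory stays open without any error; a condition without the trailing `$` also admits 192.0.2.10 through 192.0.2.19 and 192.0.2.100 through 192.0.2.199 when the allowed address is 192.0.2.1.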
Controlling Access to Files
By manipulating context settings or rewrite rules, you can also control access to specific file types or individual files.
Example
To deny access to file types .ini and .log, use the following Rewrite Rule:
RewriteRule ^/.*\.(log|ini)$ - [F,L]
Static Context:
Example
To deny access to the WordPress file xmlrpc.php, use the following Rewrite Rule:
RewriteRule xmlrpc\.php$ - [F,L]
Static Context:
Block Multiple Files at Once
There are two ways to block multiple files, and both of them require you to separate file names with |.
Using a Context
URI: exp:error_log|wp-config-sample.php|readme.html|readme.txt|license.txt|install.php|wp-config.php|php.ini|php5.ini|bb-config.php
Location: $DOC_ROOT/$0
Accessible: No
With Rewrite Rules
RewriteCond %{REQUEST_URI} error_log|wp-config-sample.php|readme.html|readme.txt|license.txt|install.php|wp-config.php|php.ini|php5.ini|bb-config.php [NC]
RewriteRule .* - [F,L]
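Sitemap.xml access control example:
RewriteCond %{HTTP_USER_AGENT} !.*(google|Bing).* [NC]
RewriteRule sitemap.xml$ - [F,L]
To restrict your sitemap so that it is viewable only to known good bots, like Google, you can use the above rule. The [NC] flag makes the match case-insensitive, and the | in the pattern is what matches Google or Bing. An [OR] flag is only needed when the alternatives are split across several RewriteCond lines, because it joins a condition to the one that follows it. Because the User-Agent header is supplied by the client, this rule filters requests by what they claim to be rather than verifying the bot.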