I am trying to restrict access to some subfolders of a simple website hosted on OpenBSD's native httpd server. The config is rather simple; it is for testing purposes:
    server "10.0.1.222" {
        listen on 10.0.1.222 port 80
        log style combined
        location "/*php*"{
            root "/FOLDER"
            fastcgi socket "/run/php-fpm.sock"
        }
        directory {
            index "index.php"
        }
        location "/*" {
            root "/FOLDER"
        }
        location "/SUBFOLDER/*" {block}
    }
Inside the SUBFOLDER I placed some HTML files not intended for direct viewing. With the last location directive I expect requests like http://10.0.1.222/SUBFOLDER/01.html to be blocked with a 403 code, but I can't achieve it.
While http://10.0.1.222/SUBFOLDER/ returns access denied, requesting any proper HTML document name within SUBFOLDER serves that request without any complaints.
If the string /SUBFOLDER/* is (as I suppose) a proper shell glob that should match the string /SUBFOLDER/ itself plus any string given after, then requests like http://10.0.1.222/SUBFOLDER/01.html should be returned with code 403. But it isn't working. I tried many combinations: "/SUBFOLDER/*", "/SUBFOLDER/*.html" and so on, with or without the leading /. No effect.
There is probably something I do not understand, but I can't debug my mistake. What am I missing?
Quick answer to my own question, obtained from misc@openbsd.org: according to the manual (man httpd.conf), in the case of the location statement, the first match wins. To avoid more specific rules being ignored, it is necessary to put them before more global ones. In my case, putting the blocking directive just after log style combined solved the problem.
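
The first-match behaviour described in the answer can be checked against a rule list before deploying it. The following is an added example, not part of the original post or of httpd itself: it models the question's location globs in file order and reports block rules that lose to an earlier, broader rule. Python's fnmatch is used as an approximation of httpd's glob matching, and the function names, action labels and sample paths are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Constructed from the question's config: (glob, action) in file order.
ORIGINAL = [
    ("/*php*", "fastcgi"),
    ("/*", "serve"),
    ("/SUBFOLDER/*", "block"),
]
# Order described in the answer: the block rule comes first.
REORDERED = [ORIGINAL[2], ORIGINAL[0], ORIGINAL[1]]


def first_match(rules, path):
    """Return (index, action) of the first location glob matching path."""
    for i, (glob, action) in enumerate(rules):
        if fnmatchcase(path, glob):
            return i, action
    return None, "server default"


def shadowed_blocks(rules, sample_paths):
    """List block rules that match a sample path but lose to an earlier rule."""
    findings = []
    for i, (glob, action) in enumerate(rules):
        if action != "block":
            continue
        for path in sample_paths:
            winner, _ = first_match(rules, path)
            if fnmatchcase(path, glob) and winner != i:
                # (shadowed block glob, affected path, glob that won instead)
                findings.append((glob, path, rules[winner][0]))
    return findings


# Constructed sample request paths.
SAMPLES = ["/SUBFOLDER/01.html", "/index.php", "/about.html"]

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("reordered", REORDERED)):
        for path in SAMPLES:
            print(name, path, "->", first_match(rules, path)[1])
        print(name, "shadowed:", shadowed_blocks(rules, SAMPLES))
```

With the block rule first, a request for a .php file under /SUBFOLDER/ is blocked as well, since it no longer reaches the fastcgi location.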