Heya A quick read of the man page shows that the rule is first match for location stanzas.
So if you want the sub-dirs to not be read, place them above the root location in the conf file. Tested on 6.8: I get 403's for block stanza placed above root location stanza. I get files served when block stanza placed below root location stanza. Shane On Sat, Mar 13, 2021 at 12:49 AM T K <[email protected]> wrote: > > Hi there, > > I am trying to block direct access to given subfolder of > simple php website hosted on OpenBSD 6.8 amd64. > Inside webroot folder there are some subfolders > containing html files I'd like to restrict for direct requests, > as they are intended for including to php scripts, not > direct viewing. > > What I want to achieve is to get 403 error while > requesting "http://10.0.1.222/FOLDER/file.html";. > This is say "development" server, accessible > through local lan, listening on IP given below. > > My very simple config looks like this: > > server "10.0.1.222" { > listen on 10.0.1.222 port 80 > log style combined > > location "/*php*"{ > root "/FOLDER" > fastcgi socket "/run/php-fpm.sock" > } > > directory { > index "index.php" > } > > location "/*" { > root "/FOLDER" > } > > location "/SUBFOLDER/*" {block} > } > > Above does not work as I'd expect. > Requesting "/SUBFOLDER" itself returns > 403 code but hitting proper html filename > gets suceeded with 200 code. > I tried many versions of shell globes > for "/SUBFOLDER/file" path but nothing changes > described behaviour. I do not know if tere is > problem in globe itself or in server config. > No idea what to do, so any help appreciated. > > Tomasz(equi)Krol >
