Access Control

How Can We Help?
< Back
You are here:
Print

Apache users can utilize directives in .htaccess to control access to certain directories or files, like so:

Order Deny,Allow
Deny from all

However, OpenLiteSpeed only supports .htaccess for rewrite rules, and not for directives. So, OpenLiteSpeed provides other methods for controlling access.

Deny Access to a Directory with Rewrite Rules

Let’s say we want to deny access to the /test/ directory

The simplest way is to use a rewrite rule, like this one:

RewriteRule ^/test/.*$ - [F,L]

You can put the rule in .htaccess or use the Rewrite tab in WebAdmin, like so:

Once the new rewrite rule is added, restart OpenLiteSpeed to make it take effect, and test by visiting the site again:

As you can see access to the /test/ directory is now denied for all visitors.

Auto Load from .htaccess

If Auto Load from .htaccess is set to Yes, then use this rule instead:

RewriteRule ^test/.*$ - [F,L]

The difference is the forward slash. Please take a look at our documentation on Apache rewrite rules for more details about this difference.

Allow Access to a Directory for a single IP with Rewrite Rules

You can customize the above rewrite rule to allow access only for a certain IP address, like so:

RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123
RewriteRule ^test/.*$ - [F,L]

This set of rules will only allow access to /test/ directory if the visitor IP is 123.123.123.123

Please note that if you have CloudFlare or a reverse proxy over your site, you must make sure that Server Configuration > General > Use Client IP in Header is properly set , otherwise you will always see CloudFlare’s IP.

Controlling Access to a Directory with A Static Context

By simply setting Accessible to No, access to the URI is denied to all.

You can exert more granual control on a URI’s access by setting Accessible to Yes. Use Access Allowed and Access Denied to filter the types of visitors to allow and deny access, like so:

Controlling Access to Files

By manipulating context settings or rewrite rules, you can also control access to specific file types or individual files.

For example, you can deny access to file types .ini and .log.

Rewrite Rule:

RewriteRule ^/.*\.(log|ini)$ - [F,L]

Static Context:

In another example, you can deny access to the WordPress file xmlpc.php.

Rewrite Rule:

RewriteRule xmlpc.php$ - [F,L]

Static Context:

Block Multiple Files at Once

There are two ways to block multiple files, and both of them require you to separate file names with |.

Using a Context

URI:

exp:error_log|wp-config-sample.php|readme.html|readme.txt|license.txt|install.php|wp-config.php|php.ini|php5.ini|bb-config.php

Location:

$DOC_ROOT/$0

Accessible: No

With Rewrite Rules
RewriteCond %{REQUEST_URI} error_log|wp-config-sample.php|readme.html|readme.txt|license.txt|install.php|wp-config.php|php.ini|php5.ini|bb-config.php [NC]
RewriteRule .* - [F,L]

Sitemap.xml access control example:

RewriteCond %{HTTP_USER_AGENT} !.*(google|Bing).* [NC,OR]
RewriteRule sitemap.xml$ - [F,L]

To restrict your sitemap so that it is viewable only to known good bots, like Google, you can use the above rule. The [NC] flag is non-case-sensitive, and the [OR] flag on the first line is needed to match Google OR Bing.