Project

General

Profile

[UE] Problems using mod_access to deny access based on filename extensions

Added by danielwlewis 12 months ago

I'm having trouble with mod_access. My lighttpd config file is shown below. I have successfully used url.access-deny to prevent access to specific folders as shown, but the line in the config file to deny access based on filename extensions gets rejected by lighttpd. I'm running lighttpd as a service within a XigmaNAS server, which is running on FreeBSD.

Any help would be appreciated.

Thanks!

Dan

server.modules += (
"mod_access",
"mod_expire",
"mod_deflate",
"mod_setenv",
"mod_cgi",
"mod_accesslog" 
)
#--- mod_access ----------------------------------------------------------
url.access-deny = (".txt", ".ged", ".rmgc")
$HTTP["url"] =~ "^/WebGenealogy/source" {
   url.access-deny = ("")
}
$HTTP["url"] =~ "^/WebGenealogy/signatures" {
   url.access-deny = ("")
}
#--- mod_accesslog -------------------------------------------------------
accesslog.filename="/mnt/Large/WebDocuments/access.log" 
#--- mod_expire ----------------------------------------------------------
$HTTP["url"] =~ "index[.]html" { expire.mimetypes += ("text/html" => "access plus 0 seconds") }
else {
expire.mimetypes += ("text/plain" => "access plus 0 seconds")
expire.mimetypes += ("text/html" => "access plus 1 hour") 
expire.mimetypes += ("text/css" => "access plus 1 month")
expire.mimetypes += ("text/javascript" => "access plus 1 month")
expire.mimetypes += ("image/" => "access plus 1 month")
}
#--- mod_deflate ----------------------------------------------------------
deflate.mimetypes = ("text/")
deflate.allowed-encodings = ( "gzip", "br", "deflate", "zstd" ) 
deflate.min-compress-size = 256
deflate.max-compress-size = 131072
#--- mod_setenv ----------------------------------------------------------
setenv.add-response-header += ( "Cache-Control" => "must-revalidate")
#--- mod_cgi ----------------------------------------------------------
$HTTP["url"] =~ "^/WebGenealogy/cgi-bin" {  cgi.assign = ( "" => "" ) }

Replies (3)

RE: Problems using mod_access to deny access based on filename extensions - Added by gstrauss 12 months ago

Any help would be appreciated.

Read the error message given by lighttpd.

but the line in the config file to deny access based on filename extensions gets rejected by lighttpd.

That is useless.

If you did not understand the error message, then you failed to share the error message in the post here.

Also, the lighttpd.conf you shared is not your entire lighttpd.conf, or else your error is different, and you still failed to read the error given by lighttpd.

Required reading:
How to get support

RE: Problems using mod_access to deny access based on filename extensions - Added by danielwlewis 12 months ago

Thanks for the prompt response. Unfortunately, even adding the line:

server.errorlog = "/mnt/Large/WebDocuments/error.log" 

did not cause lighttpd to write anything to the above error log when restarting lighttpd after adding the line:

url.access-deny = (".txt", ".ged", ".rmgc")

Even something as simple as:

url.access-deny = ("")

is also rejected without any entry in the error log. BTW, I'm sorry if "rejected" isn't sufficiently specific, but that's the only feedback I get inside XigmaNAS. The actual error message from XigmaNAS is

Error: The changes could not be applied (Error Code 1).

Ultimately (and for reasons I do not understand), I was able to solve the problem by making it conditional, as in:

$HTTP["url"] =~ "^/WebGenealogy" {
  url.access-deny = (".txt", ".ged", ".rmgc")
}

RE: Problems using mod_access to deny access based on filename extensions - Added by gstrauss 12 months ago

I wrote:

Required reading:
How to get support

Please do not post if you have not read How to get support and have not run the simple commands requested.

lighttpd tells you why it rejected the config. If you can't run the simple commands, then you should complain to XigmaNAS for hiding the diagnostics that lighttpd prints when there is a config error.

    (1-3/3)