Project

General

Profile

[UE] "url.access-deny" does not work?

Added by letrois 2 months ago

I have this in my lighttpd.conf:

url.access-deny             = ( "~", ".inc",".asdf",".vue" )

"~" works.
".inc" works.
".asdf" does NOT work. (only works as 403 when actually 404 occurs. If a "xxx.asdf" exists, the file will be downloaded.)
".vue" does NOT work. (only works as 403 when actually 404 occurs. If a "xxx.vue" exists, the file will be downloaded.)

Is there anything wrong? TKS.


Replies (4)

RE: "url.access-deny" does not work? - Added by gstrauss 2 months ago

Is there anything wrong? TKS.

When someone like yourself make a poorly written post, the most frequent mistake is assuming someone else is at fault rather than yourself. That is usually what turns out to be wrong.

Please carefully read How to get support

url.access-deny = ( "~", ".inc",".asdf",".vue" )
works as expected for me on a set of files named /index.html (200 OK), /index.html~ (403), /index.inc (403), /index.asdf (403), /index.vue (403)

RE: "url.access-deny" does not work? - Added by letrois about 2 months ago

Sorry it was in a hurry, without thinking much.
I've been happily using Lighty for 20 years and now am using lighttpd/1.4.55 on Ubuntu20.04 with main browser as Edge 117.0.2045.12. No syntax problem with my configuration file and server is functioning. I did not have experience of url.access-deny configuration, thus did not have such problem before. And, by "is there anything wrong", I meant "anything wrong with my configuration", instead of Lighty.

Now after I got up this morning, I realized that, it's probably the problem of "browser cache". If I downloaded a file when it was allowed, like "xxxx.asdf", it was cached locally by the browser. Then I modify the lighttpd.conf and disable ".asdf" files access, still I can download "xxx.asdf" without problem, even after I force-reload/restart lighttpd or restart the browser. After a period of time, which I'm uncertain yet, the file is unreachable. It is the same situation for Edge and Chrome.

I'm not sure if there is anything to workaround with lighty. But it's ok. I'm considering this solved.

Thks again for comment.

RE: [UE] "url.access-deny" does not work? - Added by gstrauss about 2 months ago

If the browser cache is serving the response instead of the origin server, then there is nothing that the origin server can do since the origin server is not asked to serve the request.

In short: clear your browser cache and test in an Incognito or Private Browsing window. In addition, confirm results with a different client on a different machine, e.g. a command line client such as curl.

RE: [UE] "url.access-deny" does not work? - Added by letrois about 2 months ago

You are right.
Curl/PrivateBrowsing confirms that, it is just a minor issue caused by the browser cache.
Good to know. Nothing to do or worry about.

    (1-4/4)