Hi there, I am trying to block direct access to given subfolder of simple php website hosted on OpenBSD 6.8 amd64. Inside webroot folder there are some subfolders containing html files I'd like to restrict for direct requests, as they are intended for including to php scripts, not direct viewing.
What I want to achieve is to get 403 error while requesting "http://10.0.1.222/FOLDER/file.html";. This is say "development" server, accessible through local lan, listening on IP given below. My very simple config looks like this: server "10.0.1.222" { listen on 10.0.1.222 port 80 log style combined location "/*php*"{ root "/FOLDER" fastcgi socket "/run/php-fpm.sock" } directory { index "index.php" } location "/*" { root "/FOLDER" } location "/SUBFOLDER/*" {block} } Above does not work as I'd expect. Requesting "/SUBFOLDER" itself returns 403 code but hitting proper html filename gets suceeded with 200 code. I tried many versions of shell globes for "/SUBFOLDER/file" path but nothing changes described behaviour. I do not know if tere is problem in globe itself or in server config. No idea what to do, so any help appreciated. Tomasz(equi)Krol
