.hiawatha and hiawatha.conf help to block access to a directory

Lido
16 September 2018, 02:39
I've got an opencart installation running on Hiawatha v10.8.2, but there's a bug and I need to keep a directory in the web root folder that would under normal security practices be kept outside/above that folder. The devs suggest in the bug tracker to use .htaccess to block access to that directory, but I've tried a few different ways to do that, but haven't been able to succeed.

I put a file named 'test.html' in the directory.

Then I created a .hiawatha file in that directory with the contents:

AccessList = deny all


and the file is still accessible.

So I put this into hiawatha.conf:

Directory {
Path = /var/www/[mydomainhere].com/public/storage/
AccessList = deny all
}


...and restarted hiawatha. I can still load test.html. So then I tried this in hiawatha.conf:

Directory {
DirectoryID = storage
Path = /storage
ShowIndex = no
AccessList = deny all
}


...but alas, I can still load test.html.

If I try to just browse to '[mydomain].com/storage/', I get the result "No input file specified."

If this matters, I've got the following toolkit in hiawatha.conf also as suggested elsewhere here:

UrlToolkit {
ToolkitID = opencart
Match ^/sitemap.xml$ Rewrite /index.php?route=feed/google_sitemap
Match ^/googlebase.xml$ Rewrite /index.php?route=feed/google_base
Match ^/system/download/.* Rewrite /index.php?route=error/not_found
RequestURI exists Return
Match \.(ico|gif|jpg|jpeg|png|js|css) Return
Match ([^?]*)(\?(.*))? Rewrite /index.php?_route_=$1&$3
}


Thanks.
Hugo Leisink
16 September 2018, 10:40
> Then I created a .hiawatha file in that directory with the contents...

You need to set 'UseLocalConfig = yes' in your virtual host configuration for that to work.

> So I put this into hiawatha.conf...

That's not a valid .hiawatha configuration. Just use 'AccessList = deny all'.

> So then I tried this in hiawatha.conf...

Did you use 'UseDirectory = storage' in your virtual host configuration?
Lido
17 September 2018, 00:02
Thanks. This cleared up a lot. Particularly:

> You need to set 'UseLocalConfig = yes' in your virtual host configuration for that to work.

and

> Did you use 'UseDirectory = storage' in your virtual host configuration?
This topic has been closed.
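
Both failures in this thread were silent: a Directory section that no virtual host referenced with UseDirectory, and a .hiawatha file on a host without 'UseLocalConfig = yes'. The following check for those two conditions is an added example, not part of the original thread or the Hiawatha project; the function names, the hostname and the WebsiteRoot value are assumptions made for illustration.

```python
import re

# Constructed sample: the Directory section from the question, defined but never
# referenced by the virtual host (Hostname and WebsiteRoot are placeholders).
SAMPLE_CONF = """
Directory {
    DirectoryID = storage
    Path = /storage
    AccessList = deny all
}

VirtualHost {
    Hostname = www.example.com
    WebsiteRoot = /var/www/example.com/public
}
"""

SECTION = re.compile(r"^\s*(\w+)\s*\{(.*?)^\s*\}", re.S | re.M)
SETTING = re.compile(r"^[ \t]*(\w+)[ \t]*=[ \t]*(.*?)[ \t]*$", re.M)

def parse_sections(conf):
    """Return [(section_name, [(key, value), ...]), ...] with names lowercased."""
    conf = re.sub(r"^\s*#.*$", "", conf, flags=re.M)  # drop comment lines
    return [(name.lower(), [(k.lower(), v) for k, v in SETTING.findall(body)])
            for name, body in SECTION.findall(conf)]

def audit(conf):
    """Return (Directory IDs no VirtualHost uses, hosts without UseLocalConfig = yes)."""
    defined, used, no_local = set(), set(), []
    for name, settings in parse_sections(conf):
        opts = dict(settings)
        if name == "directory" and "directoryid" in opts:
            defined.add(opts["directoryid"])
        elif name == "virtualhost":
            for key, value in settings:
                if key == "usedirectory":
                    # split on commas in case several IDs are listed on one line
                    used.update(v.strip() for v in value.split(","))
            # an absent setting is treated as "not enabled", as in the thread
            if opts.get("uselocalconfig", "no").lower() != "yes":
                no_local.append(opts.get("hostname", "?"))
    return sorted(defined - used), no_local

if __name__ == "__main__":
    unused, no_local = audit(SAMPLE_CONF)
    print("Directory sections not applied by any VirtualHost:", unused)
    print("Hosts where .hiawatha files are ignored:", no_local)
```

The second list only matters for hosts that rely on .hiawatha files; after changing hiawatha.conf, restart the server and request the test file again to confirm it is refused.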