How To Block Access To p For ALL USERS Using ...

• Home
• Forums New posts Search forums
• What's new Featured content New posts Latest activity

Log in Register What's new Search

Search

Everywhere Threads This forum This thread Search titles only By: Search Advanced search…

• New posts
• Search forums

Menu Log in Register Install the app Install How to install the app on iOS

Follow along with the video below to see how to install our site as a web app on your home screen.

Note: This feature may not be available in some browsers.

• Home
• Forums
• Technical Discussion
• OpenLiteSpeed (WWW)

You are using an out of date browser. It may not display this or other websites correctly.You should upgrade or use an alternative browser. How to block access to xmlrpc.php for ALL USERS using OpenLitespeed ?

• Thread starter Thread starter remics
• Start date Start date Sep 9, 2021

R

remics

Verified User

Joined Aug 6, 2019 Messages 60

How to block access to xmlrpc.php file?

Hello I use this code in httpd.conf to block access to xmlrpc.php file that kills many wordpress based websites every day ;-) Order Deny,Allow Deny from all Is it possible to add a rewrite rule to block access to some files like xmlrpc.php? If you use wordpress and security plugins please... forum.openlitespeed.org How could I generate a virtual host to apply this setting for ALL USERS? O

Ohm J

Verified User

Joined Aug 16, 2019 Messages 2,044 I don't know how openlitespeed token, so you need to find it yourself this solution for apache If you want to place some coding into <virtualhost> tag I reply about how to put to custom template file on this link

OSCP Must Staple

It's an old but still not common feature, but I guess it will grow popularity in future - OSCP Must Staple is an additional instruction bundled inside the TLS certificate which instructs the browser that the server MUST send an OSCP Stapling information. Question: Is there a way to implement... forum.directadmin.com add this to "CUSTOM3" token Code: <FilesMatch "^(xmlrpc\.php|wp-trackback\.php)"> Order Deny,Allow Deny from all </FilesMatch> and do some rewrite_confs Code: cd /usr/local/directadmin/custombuild ./build rewrite_confs ###UPDATE FOR OpenLiteSpeed Token

Version 1.58.0 | Directadmin Docs

DirectAdmin Knowledge Base www.directadmin.com Last edited: Sep 10, 2021 R

remics

Verified User

Joined Aug 6, 2019 Messages 60 I understand this should be super simple for most people but I created this thread with the goal of asking what are the exact steps I need to take as I really couldn't understand the documentation. The title is well written and I believe this is a common use case so I hope someone is available to help me and others with this problem.

Richard G

Verified User

Joined Jul 6, 2008 Messages 14,680 Location Maastricht I don't know OLS. But it looks like the same as in apache, only other files. Look at this:

Forbid serverwide access to xmlrpc.php

@Zeiter: Can you tell me what I did wrong? To block acces for the complete server I created the .pre files mentioned in the feature page. Then I added this: Order allow,deny Deny from all ErrorDocument 403 "Sorry, you are not allowed to view this... forum.directadmin.com related to this:

Version 1.53.3 | Directadmin Docs

DirectAdmin Knowledge Base www.directadmin.com Seems to me it's for OLS the same, just you have to use the CUSTOM.1.post or CUSTOM.7.post if I'm not mistaken. J

johannes

Verified User

Joined Feb 18, 2007 Messages 1,048 just wondering if mod_security rules woulndt be faster? L

LeonDynamic

Verified User

Joined Sep 19, 2020 Messages 46

remics said:

How to block access to xmlrpc.php file?

Hello I use this code in httpd.conf to block access to xmlrpc.php file that kills many wordpress based websites every day ;-) Order Deny,Allow Deny from all Is it possible to add a rewrite rule to block access to some files like xmlrpc.php? If you use wordpress and security plugins please... forum.openlitespeed.org How could I generate a virtual host to apply this setting for ALL USERS? Click to expand...

If you follow these instructions it will add a rewrite rule into all user VHost files to block access to xmlrpc. Code: cd /usr/local/directadmin/data/templates/custom/ touch cust_openlitespeed.CUSTOM.5.pre chown diradmin:diradmin cust_openlitespeed.CUSTOM.5.pre nano /usr/local/directadmin/data/templates/custom/cust_openlitespeed.CUSTOM.5.pre Then inside the CUSTOM.5.pre file you can paste the following RewriteRule. Code: RewriteCond %{REQUEST_URI} ^(.*)?xmlrpc\.php(.*)$ [OR] RewriteRule ^(.*)$ - [F,L,NC] If you wanted to take this a bit further and block access to more files system wide and apply to each VHost you can add as many filenames to list as you want. Code: RewriteCond %{REQUEST_URI} ^(.*)?readme\.html(.*)$ [OR] RewriteCond %{REQUEST_URI} ^(.*)?readme\.txt(.*)$ [OR] RewriteCond %{REQUEST_URI} ^(.*)?xmlrpc\.php(.*)$ [OR] RewriteCond %{REQUEST_URI} ^(.*)?wp-trackback\.php(.*)$ [OR] RewriteCond %{REQUEST_URI} ^(.*)?license\.txt(.*)$ [OR] RewriteCond %{REQUEST_URI} ^(.*)?wp-config\.php(.*)$ RewriteRule ^(.*)$ - [F,L,NC] R

remics

Verified User

Joined Aug 6, 2019 Messages 60

LeonDynamic said: If you follow these instructions it will add a rewrite rule into all user VHost files to block access to xmlrpc. Code: cd /usr/local/directadmin/data/templates/custom/ touch cust_openlitespeed.CUSTOM.5.pre chown diradmin:diradmin cust_openlitespeed.CUSTOM.5.pre nano /usr/local/directadmin/data/templates/custom/cust_openlitespeed.CUSTOM.5.pre Then inside the CUSTOM.5.pre file you can paste the following RewriteRule. Code: RewriteCond %{REQUEST_URI} ^(.*)?xmlrpc\.php(.*)$ [OR] RewriteRule ^(.*)$ - [F,L,NC] If you wanted to take this a bit further and block access to more files system wide and apply to each VHost you can add as many filenames to list as you want. Code: RewriteCond %{REQUEST_URI} ^(.*)?readme\.html(.*)$ [OR] RewriteCond %{REQUEST_URI} ^(.*)?readme\.txt(.*)$ [OR] RewriteCond %{REQUEST_URI} ^(.*)?xmlrpc\.php(.*)$ [OR] RewriteCond %{REQUEST_URI} ^(.*)?wp-trackback\.php(.*)$ [OR] RewriteCond %{REQUEST_URI} ^(.*)?license\.txt(.*)$ [OR] RewriteCond %{REQUEST_URI} ^(.*)?wp-config\.php(.*)$ RewriteRule ^(.*)$ - [F,L,NC] Click to expand...

Thank you so much! I hope it helps other people as well as helping me. However, when executing the above commands I had the problem of all pages being blocked with error 403 (forbidden). I don't know what I did wrong but here are the exact steps I took: Code: vim /usr/local/directadmin/data/templates/custom/cust_openlitespeed.CUSTOM.5.pre put the following content in this file: Code: RewriteRule ^/(xmlrpc|wp-trackback)\.php - [F,L,NC] (no BREAK LINE, please) Code: cd /usr/local/directadmin/custombuild ./build rewrite_confs Reference Link: https://openlitespeed.org/kb/customization-hooks-in-directadmin/ Last edited: Sep 14, 2021 L

LeonDynamic

Verified User

Joined Sep 19, 2020 Messages 46

remics said: Thank you so much! I hope it helps other people as well as helping me. I've followed all the steps here and actually confirmed that it works, however after creating these files the next step is to run the following commands: Code: cd /usr/local/directadmin/custombuild ./build rewrite_confs Click to expand...

Thanks @remics for adding the rewrite config command forgot to add that to my reply. Also, have a look here https://www.vpsbasics.com/cp/ there are quite a few tutorials for OLS with DirectAdmin A

anay

Verified User

Joined Dec 7, 2005 Messages 120 I can here also confirm that this works and thanks @LeonDynamic for providing straightforward steps for it. You must log in or register to reply here. Share: Facebook X Bluesky LinkedIn Reddit Share Link

• Home
• Forums
• Technical Discussion
• OpenLiteSpeed (WWW)

Back Top