How to block all .zip files from being downloaded in browser (OpenLiteSpeed + DirectAdmin)

[mr.ken84]

Hello,
i am using DirectAdmin with OpenLiteSpeed on my Linux server.
I want to completely block all .zip files from being downloaded via a web browser, for all websites and all users on the server.
For example: if someone tries to access https://domain.com/file.zip, they should get a 403 Forbidden or similar error instead of downloading the file.

What is the best way to configure this in OpenLiteSpeed so that it applies globally across all Virtual Hosts in DirectAdmin?
Should I use context or rewrite rules, and where should they be placed so that they are not overwritten by DirectAdmin?

Thank you!

 

[zEitEr]

Hello,

You might add your custom rewrite rules in /usr/local/directadmin/data/templates/custom/cust_openlitespeed.CUSTOM.5.post and run da build rewrite_confs

Create the folder /usr/local/directadmin/data/templates/custom/ and the file /usr/local/directadmin/data/templates/custom/cust_openlitespeed.CUSTOM.5.post if they are missing.

 

[IXPLANET]

Hello,
i am using DirectAdmin with OpenLiteSpeed on my Linux server.
I want to completely block all .zip files from being downloaded via a web browser, for all websites and all users on the server.
For example: if someone tries to access https://domain.com/file.zip, they should get a 403 Forbidden or similar error instead of downloading the file.

What is the best way to configure this in OpenLiteSpeed so that it applies globally across all Virtual Hosts in DirectAdmin?
Should I use context or rewrite rules, and where should they be placed so that they are not overwritten by DirectAdmin?

Thank you!

you can use ModSecurity rules for blocking .zip files from being downloaded via web browser.

SecRule REQUEST_URI "\.zip$" "id:899977911,deny,log,status:403,msg:'Forbidden'"

 

[zEitEr]

you can use ModSecurity rules for blocking .zip files from being downloaded via web browser.

It will be an overhead to enable ModSecurity just for disabling ZIP

 

[IXPLANET]

It will be an overhead to enable ModSecurity just for disabling ZIP

No it not overhead, this rules only for block url end with zip extension

 

[zEitEr]

No it not overhead, this rules only for block url end with zip extension

Do you mean enabling pure ModSecurity without loading rules from OWASP/Comodo/etc?

 

[johannes]

both should, beside .htaccess, also work in vhost:

1)
<FilesMatch "\.zip$">
Require all denied
</FilesMatch>

2)
RewriteEngine On
RewriteCond %{REQUEST_URI} \.zip$ [NC]
RewriteRule ^.*$ - [F,L]

 

[Ohm J]

@IXPLANET
@zEitEr meaning, Enable mod security could breaking the site.

So if he already using the modsec, then it fine to just place the manual rules.

 

[zEitEr]

@zEitEr meaning, Enable mod security could breaking the site.

That's why I mentioned that using ModSecurity only for a single case is an overkill.

 

[IXPLANET]

yes depending if he used modsecurity in their server, because i see in first post they said for all user , so i assume they used that . ModSecurity is not horrible and not always overkill server actually because it was used since for many years ago in thousand server worldwide and for security better using that .