Trying to replicate .htaccess deny from all in certain directories

Jeff Melton
15 September 2015, 21:54
I'm working to migrate a WordPress site from Apache to Hiawatha. The site currently has two .htaccess files with
deny from all
, so I've created a URLToolkit:

UrlToolkit {
ToolkitID = deny_from_all
Match [^?]*(\?.*)? DenyAccess

I then created a .hiawatha file in each directory that contained the aforementioned .htaccess files, each containing only
UseToolkit = deny_from_all

Using wigwam to test, it seems that my toolkits are functioning correctly (I see 403 returned). But when I try to access those paths from a browser, I get a 500 error instead of a 403. I assume I'm Doing It Wrong^TM, though, so I'd really appreciate a hand with this.

Thanks in advance.
Hugo Leisink
15 September 2015, 22:04
The UseToolkit option is only allowed in a .hiawatha file located in the WebsiteRoot directory of a website. What you should do is create an UrlToolkit in which the access to the specific directies is blocked.
UrlToolkit {
ToolkitID = wordpress
RequestURI exists Return
Match [^?]*(\?.*)? Rewrite /index.php$1

UrlToolkit {
ToolkitID = my_website
Match ^/directory1/ DenyAccess
Match ^/directory2/ DenyAccess
Call wordpress

VirtualHost {
UseToolkit = my_website
Jeff Melton
15 September 2015, 22:27
Thanks, Hugo. Would it be simpler to use:

Directory {
Path = /what/I/want/to/match
AccessList = Deny All
Hugo Leisink
16 September 2015, 07:58
Sure, there are many ways to put this in a configuration file. But in Hiawatha it's done via the UrlToolkit. Another option is via an AccessList setting in a .hiawatha file in those directories. You can also block access via the filesystem access rights.
Jeff Melton
16 September 2015, 17:04
Thanks, Hugo. I have these working correctly now.
This topic has been closed.