Blocking access to /lucee/admin/ mappings on Ubuntu

Hi guys,

I hope someone can help me.

I’m working on my first Lucee box on EC2 and after many headaches and hurdles I’m getting somewhere!

I’m wanting to lockdown /lucee/admin/ for security and cosmetics in production but I’m finding that very hard.

I’m using VirtualMin/Apache with Lucee auto-installed on top of it.

Just as I have my EC2 instance’s SSH lockeddown to certain IPs, and I have phpmyadmin locked down to certain IPs with a .htaccess rewrite rule, I want to do the same with /lucee/admin/.

I’ve tried .htaccess rewrite rules but it looks like they aren’t effective with the /lucee/* mappings.

The docs (linked) say you can use this Rewrite rule:

RewriteCond %{REMOTE_ADDR}       !=127\.0\.0\.1
RewriteRule ^.*/lucee/admin/   -   [F]

But that doesn’t work for my virtual host.

Whereas this does work to lockdown my /phpmyadmin:

RewriteCond %{REMOTE_HOST} !^33\.145\.20\.307
RewriteCond %{REQUEST_URI} /(phpmyadmin|server_tools|WEB-INF|lucee)(.*)
RewriteRule .* /403.shtml [L]

I hope that’s clear and I hope someone can help. Thanks in advance.


If anyone can offer guidance on how to do rewrite-level IP blocking that would be great.

But for now it seems like if you XML-comment out the relevant mapping(s) in:

…and reboot with…
/opt/lucee/lucee_ctl restart

… you can block /lucee/admin access by disabling the mapping.

Did you try with this Lockdown Guide :: Lucee Documentation?

Yes, I did but sadly the docs have code snippets with no instructions as to where to locate them!!!

Yeah, but there was some hint like apache directive. In windows Check here C:\xampp\apache\conf\httpd.conf