Restrict access to some files from http

General
#1

Device: ESP-32

  1. My goal is: restrict access to download critical information from http server.
  2. My actions are: using mgos_http_server_set_document_root (), but I did not understand how this can be done in a flat file system
  3. The result I see is: files like init.js and configX.json are downlodable
  4. My expectation & question is: Is it possible to share the Document Root folder where the files are located
    Or is it possible to set file masks for which the download is allowed or denied
#2 
config_schema:
  - ["http.hidden_files", "*.json,*.html"]

Results:

mos --port ws://192.168.0.33/rpc ls
ca.pem
conf0.json
conf9.json
index.html
curl http://192.168.0.33/index.html
Not Found
curl http://192.168.0.33/conf9.json
Not Found
1 Like
#3

Is it possible to use negative or positive scheme in http.hidden files?
Like this: “-.json,+.html” for restricting access to json and allowing to html

#4 
- ["http.hidden_files", "*.json"]

to exclude only the json files.
What is not excluded, is allowed.