Server Rules Not Working
What This Means
This issue occurs when server-level protections applied by Steel Security do not take effect.
You may enable a hardening control, but the expected behavior does not occur.
Common Symptoms
- restricted files or endpoints remain accessible
- directory listing is still enabled
- PHP execution is not blocked
- changes appear to have no effect
Why This Happens
Server-level rules depend on your hosting environment and configuration.
This issue may occur if:
- your server does not support the required rule type
- configuration overrides are disabled
- rules are not being read or applied
- another configuration is overriding the rules
How to Fix It
Try the following steps:
1. Confirm Your Server Type
- identify whether you are using Apache, Nginx, or IIS
- ensure the control you applied is supported in your environment
2. Check Apache Configuration (.htaccess)
If using Apache:
- ensure
.htaccessoverrides are enabled (AllowOverride) - confirm the file exists and is readable
- verify no conflicting rules are present
3. Check Nginx Configuration
If using Nginx:
- note that
.htaccessis not supported - apply rules manually in your Nginx configuration
- reload or restart the server after changes
4. Check IIS Configuration (web.config)
If using IIS:
- confirm the
web.configfile is present - ensure rules are applied correctly
- check for higher-level overrides
5. Review Hosting Restrictions
- some hosting providers restrict server-level configuration
- verify whether your hosting plan allows these changes
- consult your hosting provider if needed
What to Expect After Fixing
After resolving the issue:
- server rules should take effect immediately
- restricted behavior should function as expected
- hardening controls will apply correctly
How to Verify
- test access to restricted files or endpoints
- confirm expected responses (e.g., 403 Forbidden)
- re-check behavior after applying fixes
When to Seek Help
If the issue persists:
- note your server type and hosting environment
- document the specific control applied
- include any relevant error messages
- contact support with details
Key Principle
Server-level protections depend on your environment.
Understanding your server configuration is essential for effective hardening.