How to blacklist certain routes - lwsjs/local-web-server GitHub Wiki

By default, access to all files is allowed (including dot files). If you prefer to forbid certain routes, pass express-style route expressions to --blacklist:

$ ws --blacklist '*.json' '*.php'
Serving at http://mbp.local:8000, http://127.0.0.1:8000, http://192.168.0.100:8000

In a separate terminal:

$ curl -I http://127.0.0.1:8000/something.php 
HTTP/1.1 403 Forbidden
Vary: Origin
Date: Wed, 21 Jun 2017 12:25:16 GMT
Connection: keep-alive