A setenv question

#1
So, we've migrated some 20+ VMs from apache to LS, and, for the most part, they're going great. However, one bit of functionality we had before is missing, any thoughts on how to reimplement it?

The idea;
Check for a bit set by php on a remote server, or certain IP'ss and allow the request... Otherwise, deny.

Global apache rule (works with apache):
Code:
<Location />
SetEnvIfNoCase ^arg$ .+ allowed=1
SetEnvIfNoCase Remote_Addr (127\.0\.0\.1) allowed=1
Order Deny,Allow
Deny from All
Allow from env=allowed
</Location>
Unfortunately, I didn't write the previous code, and the previous developer (who did write it) is no longer available, so any help on how to get this working in LS would be greatly appreciated
 

NiteWave

Administrator
#2
>SetEnvIfNoCase ^arg$ .+ allowed=1
not sure what "arg" here mean, an http request header?

if so, try following rewrite rules:
<Location />
RewriteEngine on
RewriteCond %{HTTP:arg} ^$
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
RewriteRule (.*) - [F,L]
</Location>

are lsws the latest 4.2.14?
 
#3
>SetEnvIfNoCase ^arg$ .+ allowed=1
not sure what "arg" here mean, an http request header?
Check for a bit set by php on a remote server, or certain IP'ss and allow the request... Otherwise, deny.
Rewrite won't deny much of anything, I don't see why this isn't implemented in LS, honestly... The only problem I've seen so far, not being able to take environment variables like this and do what should be done here.
 
#5
@mistwang - do you have a ballpark rough estimate for when 5.0 will be released? ie 3 months, 6 months, 1 year...
The reason I am asking is because I have a software app that uses the SetEnv directive and I could dumb down the current htaccess code in the meantime if the 5.0 release is going to be in the far future. Thanks.
 

mistwang

LiteSpeed Staff
#6
SetEnv is upported in 4.2 already, your app may work just fine with 4.2 .
If any problem, just show us the SetEnv directives used, we will see whether it should be supported in 4.2 or not.

We hope we can release 5.0 by the end of this year. The 5.0RC is getting ready for production uses.
 
#7
Here is the code. Thanks for the very quick response, info and verifying compatibility. Very much appreciated.

# BEGIN WHITELIST: Frontend Loading Website Plugin scripts/files
SetEnvIf Request_URI "/bulletproof-security/400.php$" whitelist
SetEnvIf Request_URI "/bulletproof-security/403.php$" whitelist
# END WHITELIST

<FilesMatch "\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|html5|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|txt|vb|vbe|vbs|war|ws|wsf|xhtml|z|zip)$">
Order Allow,Deny
Allow from env=whitelist
Allow from example.local
Allow from 127.0.0.1
# BEGIN PUBLIC IP
Allow from 127.0.0.1
# END PUBLIC IP
</FilesMatch>
 
#10
On a personal note I am very impressed with how INCREDIBLY FAST!!! LiteSpeed is. I have several customers using LiteSpeed and their website performance is incredibly FAST. I am currently researching Hosts that offer LiteSpeed. ;)
 
#11
@mistwang - We have created alternative htaccess code that works fine for LiteSpeed so if anyone else is looking for that alternative code then this is a very simple solution below:

# BEGIN WHITELIST: Frontend Loading Website Plugin scripts/files
RewriteRule ^bulletproof-security/400.php - [L]
RewriteRule ^bulletproof-security/403.php - [L]
RewriteRule ^bulletproof-security/410.php - [L]
RewriteRule ^bulletproof-security/isl-logout.php - [L]
# END WHITELIST
#
# FORBID REMOTE ACCESS TO THESE PLUGIN FILE TYPES FROM ANYONE EXCEPT YOU
RewriteCond %{REQUEST_URI} ^.*\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|html5|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|txt|vb|vbe|vbs|war|ws|wsf|xhtml|z|zip)$ [NC]
# BEGIN PUBLIC IP
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
# END PUBLIC IP
RewriteRule ^(.*)$ - [F]
 
Top