Newbie questions

Farzin · Mar 10, 2011

hi , i am new to litespeed and i have migrated from apache/cpanel after using it for 1.5 years. now i am a bit confused about how can i set/configure different modules that i used with apache for litespeed ?

1-in cpanel apache configuration , there was include files which apache used to read , now i see those lines are still included in litespeed httpd.conf file but those modules are not running anymore . what should i do ?
for example :
cpanel --> Main >> Service Configuration >> Apache Configuration >> Include Editor --> Pre Main Include

Code:

LoadModule cband_module       /usr/local/apache/modules/mod_cband.so
LoadModule limitipconn_module /usr/local/apache/modules/mod_limitipconn.so

2- how can i see extended status like the one apache had in litespeed to see what is acctually going on in the hosts on the server ?

Code:

#service httpd fullstatus

3-about suphp config per user , and php.ini configuration per user , should i build a virtual host for every host that i have in my server so that i can set a php.ini file for each one of them? and also i have seen that lsws only uses user directory , for example /home/user1/ and i cannot set dir outside the user home directory for ini files ? for example i used to have all users ini files in this directory : /home/ini/user1/php.ini , /home/ini/user2/php.ini ...

http://www.litespeedtech.com/suppor...speed_wiki:per_user_ini_in_control_panel_lsws

4-what about directory index priority and allow override functions ?
cpanel and apache had a setting for them which i donot see it in litespeed .

Code:

cpanel --> Main >> Service Configuration >> Apache -->ConfigurationDirectoryIndex Priority

i see that litespeed has control over .htaccess files , but what if i want some hosts not to use indexes ? so that when some one creates a directory and browses to that directory , browser shows the files inside that dir ?

5-about mod security , as i have read lite speed uses some other functions like mod security but with the same rules/commands , where should i set my mod security rules in litespeed ?

i`ll be thankful if someone gives me his time and answers my questions completely . thanks in advanced.

NiteWave · Mar 10, 2011

1. for apache modules:
mod_limitipconn
mod_cband
mod_bw
mod_evasive
litespeed has better (in general) anti-ddos features built-in. it can be configured through admin console->server->security

2.admin console->click on "Actions" ( on the right of "Home")

5.we're working on full compatible with mod_security 2.5. the usage is same as apache.

regarding 3,4, will do some testing and reply

Farzin · Mar 10, 2011

hi thanks for the reply.
5-about mod security , can i use mod security interface which is in whm/cpanel ? or should i place the rules somewhere else , so that litespeed uses them ?

2-about apache full status , i meant apache detailed status which when extended status was active , i could have both from cpanel and ssh with the command i wrote earlier. which was very complete because i could easily understand which ip is using which host/files on the server and how many connections it opened and so many other details.

i mean this status page :

Code:

Apache Server Status for localhost

  [B] Server Version: Apache/2.2.16 (Unix) mod_ssl/2.2.16
          OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 mod_perl/2.0.4
          Perl/v5.8.8[/B]

   Server Built: Aug 15 2010 09:50:04
     _________________________________________________________________

   Current Time: Friday, 04-Mar-2011 19:12:50 IRST
   Restart Time: Friday, 04-Mar-2011 18:25:41 IRST
   Parent Server Generation: 0
   Server uptime: 47 minutes 9 seconds
   Total accesses: 346214 - Total Traffic: 307.0 GB
   CPU Usage: u384.42 s157.16 cu2403.91 cs0 - [COLOR="#ff0000"]134% CPU load[/COLOR]
   122 requests/sec - 111.1 MB/second - 0.9 MB/request
   624 requests currently being processed, 1 idle workers

CWKCWKWWWWWWWKKWKCKWKWWKKKWKWWRWKWKWKKKWWWCWWKCWKKWWWWKKWKWWWKWW
WWRWWCKKKWKWCKWCWWRWWKWWWWKKCWKWWWWWWKKWKWWWWWKRWWKKWWWWKWK.WWWW
WWKW.WWKWKWKWWKWK.CWWWWKRRKKWKW.WWKCKKKWKCRRWWKWWKWKWWKKKKKWWWWW
WKWCKRKCKWWWCKKRWKWWCKWWWKWRK.WWKKKK.KKKWKWWWWWKW.WKK.KKKKCKKWWW
WWWK.KWKWWKKKKKWKWWK.WW_WKWKWWR.KWKWWWWCWK.WKKKKWWKWKK.KW.KKWKWW
.CW.KWWWWWKRKW.WWKWWW.RRCWWCWKCWKWKKKWKWKKCWKKKWKK.WWC.RWWWCKWWW
KWWKKKKKKWW.KWWKKWKW.KWWCKKWKKWKWKKCWWKWKKWWWWWWWWW.WWKKWKKC.KWW
KKWWKWKKKKWWKKCCKKW.WWKW..WWC.W...KK..KWWWKW.WW.WKW.WKW.....K.KK
..RKKWWW...WW.WKC.WKK.W.KWWWW.KKW..KW...W.KKWWKWKWK.K.W..R......
...W.C..K....K....K..R..WKKWWW..W....KRK..W......W.....WW.W...W.
.K.K.......W.WK...WK.KWW....W....C..K.KKW.W......K...KW.KW..WWW.
.K...W.KKK..WWW.W.WKK.K.W.W.KW.W.W.KK.W.WKKW...K.....WW.W..KK...
.K.KKCW..W.....WKK...KKW.W.WKK..WW....W..W..W...W.........WWWW..
WW.KCWK..W..K.K.W........R.K....................................
................................................................
................................................................
................................................................

at current time the last connection is :
[COLOR="Red"]861-[/COLOR]0	-	0/0/57	. 	2.74	627	0	0.0	0.00	0.10 	127.0.0.1	server2	OPTIONS * HTTP/1.0

webizen · Mar 10, 2011

Farzin said:

For mod security, you just use the interface in whm/cpanel. You can try 4.1RC5 for full modsec 2.5 support. Download the package from below (choose the one for your platform), run 'install.sh' from expanded folder and choose U(grade) option to preserve your existing configurations.

http://www.litespeedtech.com/packages/4.0/lsws-4.1RC5-ent-x86_64-linux.tar.gz
http://www.litespeedtech.com/packages/4.0/lsws-4.1RC5-ent-i386-linux.tar.gz

For server status, you should look at the real-time stats in LSWS (Admin Web Console -> Actions -> Real-Time Stats).

NiteWave · Mar 11, 2011

regarding 2, in addition to admin console's Real-time stats, lsws will support apache's mod_status, may be what you're familiar with. please refer http://www.litespeedtech.com/support/forum/showthread.php?t=4601 for status: "it's on the roadmap of our official 4.1 release..."

regarding 3, the wiki page has updated. if you want to use /home/ini/user1/php.ini , may have to use PHPIniDir

regarding 4, while I haven't done experiment yet, I think lsws is compatible with apache in this regards -- just do what changes in cPanel, as if apache is running . the change should apply for litespeed as well. if not, please give an example for us to reproduce.

Farzin · Mar 11, 2011

ok thanks for the answers ,
about extended status i`ll be waiting for later releases of litespeed.

about 3 , i`m using php 5.2.16 so i`ll try to learn the usage of that function till tonight and i`ll let you know the result if i faced any problems.

about 4 , i use the method explained in such sites to configure both php.ini and suphp configuration per user , under cpanel and apache with suexec.
http://www.sant-media.co.uk/2010/02/whmcpanel-per-user-php-ini-under-apache-2-x-and-suphp/

so i created a dir for all of php.ini files , and /usr/local/apache/conf/std/userdata/2/user1/user1.conf for suphp config files. and with that suphp config files i have set many security rules like shell code execution blocking and allow override controlling and php.ini addressing per directory for every host.
in cpanel with directory index priority setting we can set which index file being read first . for example in root dir of a host ( public_html ) there are both index.html and index.php files , and we want apache to read index.html first instead of index.php . this could be set from that cpanel function. which as i see is still in httpd.conf file which litespeed generated.

Code:

# DirectoryIndex is set via the WHM -> Service Configuration -> Apache Setup -> DirectoryIndex Priority
DirectoryIndex index.html.var index.htm index.html index.shtml index.xhtml index.wml index.perl index.pl index.plx index.ppl index.cgi index.jsp index.js index.jp index.php4 index.php3 index.php index.phtml default.htm default.html home.htm index.php5 Default.html Default.htm home.html

here is a user suphp.conf file :

Code:

<IfModule mod_suphp.c>
suPHP_ConfigPath /home/ini/user2/

AddHandler cgi-script .php1 .php2 .php3 .php4 .php5 .php6 .php7 .php8 .php9 .phtml .c .txt .pl .py .jsp .asp .shtml .sh .cgi
Options -ExecCGI -Indexes

<Directory /home/user2/public_html>
	Options All -ExecCGI -Indexes
	AllowOverride AuthConfig Indexes Limit Fileinfo
	suPHP_ConfigPath /home/ini/user2/
</Directory>

<Directory /home/user2/public_html/shop/>
	Options All -ExecCGI -Indexes 
	AllowOverride AuthConfig Indexes Limit Fileinfo
	suPHP_ConfigPath /home/ini/user2/shop/
</Directory>


</IfModule>

which is not loading at all ! all php.ini configurations and also .htaccess and allow override functions which i defined for my different users are not working with LiteSpeed.

maybe if i remove that ifmodule , litespeed reads those configurations ? because i saw alerts about reading this configs :

Code:

2011-03-11 00:15:41.692	INFO	Processing config directory: /usr/local/apache/conf/userdata/std/2

2011-03-06 04:19:17.554 [WARN] /usr/local/apache/conf/userdata/std/2/user1/user1.conf:11: Directive 'suPHP_ConfigPath' is not allowed in current context.

as you see i have blocked directory listing by #options -indexes , so when i dont set this , or when i set #options All , when i create a new folder (/public_html/1) and i go to its address with browser (site.com/1/) there will be list of the files inside that dir (file1.bmp , file2.jpg ... ) but now with litespeed , when it controlls htaccess files itself and there is 1 setting for all hosts , how can i give directory access to one user and block it for others ? and also how should i set different ini files for different directories in one host ?
i wish i have explained it completely and you help me with my case . thanks in advanced for taking time anyway. please give me suggestion so that i change my settings to a rule that litespeed detects.

NiteWave · Mar 11, 2011

here's my suggestion if I read right:
using PHPRC:
PHPRC=$VH_ROOT/myphp.ini

then in $VH_ROOT(for example /home/user2), create symbol link:
ln -s /home/ini/user2/php.ini /home/user2/myphp.ini

Farzin · Mar 12, 2011

dear niteWave , what you suggested is for php.ini , what about working with suphp and allow override functions per user/directory in litespeed ?
please read my last post and examples again and see if my suphp configuration per user can be applied in litespeed too or not ? thanks

this is about 1 week that i`m with litespeed , every thing is just fine except the things i need and i had with apache

i dont know whether stay with lite or return to apache which with those rules i could block some shell commands and secure my server that way . with litespeed now every one can upload and execute shell file/codes to the hosts

NiteWave · Mar 12, 2011

let's go ahead step by step.

php suExec must be enabled for PHPRC to take effect.

admin console->Configuration->Server->
Using Apache Configuration File->PHP suEXEC:Yes

since this warning

you can comment lines which start with suPHP_ConfigPath in suphp.conf

litespeed's "PHPRC=$VH_ROOT/myphp.ini" should do the same job of
suPHP_ConfigPath /home/ini/user2/

as for "suPHP_ConfigPath /home/ini/user2/shop/" ... ok, finally I got what you want.

above settings: enable PHP suExec+PHPRC settings should meet your per-user php(each user run php with different php.ini) requirement. further, you need per directory php override/settings?

it's still possible for lsphp. lsphp support
php_value name value
php_flag name on|off
in .htaccess for per-directory php settings.

for example,
php_value memory_limit 16M

however, this need some conversion work at your side.

If not wrong, suPHP you mentioned is running in cgi mode. It may be most flexible but worst performance. while lsphp is running in fcgi mode, much better performance yet support directory level php parameter adjustment. We did benchmark before to compare suPHP(in CGI mode) with mod_php, lsphp, please refer http://blog.litespeedtech.com/2010/...ving-simple-php-litespeed-vs-apache-vs-nginx/

Farzin · Mar 13, 2011

thanks i didnt have time to test this , i`ll test and let u know as soon as possible . i`m too busy these days .

the main problem of this way that litespeed is working is that i must use local .htaccess files , even if i chmod them as root , and have some codes inside them , the .htaccess file is inside user directory and thus the user will notify how i blocked him and what is limited for him which is not good. and also many scripts need their local .htaccess files to run correctly and if i want the main .htaccess file be owned by root , then how should the user have his script work.

i need to address suexec or suphp to read another config file for each user . like what suphp had in /usr/local/apache/conf/userdata/std/2/user1/user1.conf for example.
and this being outside user homedir and user access.

also in cpanel , my php was running in suphp mode , not dso or not cgi/fcgi . and now lite speed is working in fcgi i think.

ok i think instead of ifModule commands for suPHP i must search for equivalent rules for PHP_Value and address them to each user as you said.

the strange thing is that , even when i havent configured this php.ini or suexec configurations some of shell code blockings are functioning ( for example i have blocked access to .htm and .js online editor for a user , and its still blocked . how ?

i dont know .

NiteWave · Mar 13, 2011

got it. so
php_value memory_limit 16M
etc directives, have to put in /usr/local/apache/conf/userdata/std/2/user1/user1.conf instead of .htaccess

Newbie questions

Farzin

Member

NiteWave

Administrator

Farzin

Member

webizen

Well-Known Member

NiteWave

Administrator

Farzin

Member

NiteWave

Administrator

Farzin

Member

NiteWave

Administrator

Farzin

Member

NiteWave

Administrator