use litespeed cache only for non logged in users

[wanah]

Hello,

We are trying to use LiteSpeed Cache to fight off a Layer 7 DDOS attack, the attacker targest the pages that use the most ressources (PHP image generation or MySQL calls) and calls these URL's from about 5000 different IP's that often change.

This is a custom PHP script so we were able to create a cookie for logged in users.

This is what We have done so far :

<IfModule LiteSpeed>
    CacheLookup public on
    RewriteEngine on
 
    # Default cache for all pages
    RewriteCond %{HTTP_COOKIE} !^.*user_logged_in=yes.*$ [NC]
    RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed)$
    RewriteCond %{REQUEST_URI} !/(login|subscribe)\.php$
[NC]
    RewriteRule .* - [E=Cache-Control:max-age=3600]
</IfModule>

Now how can we trun of the cache lookup for users who have a user_logged_in cookie ? Would we add something like this :

    RewriteCond %{HTTP_COOKIE} ^.*user_logged_in=yes.*$ [NC]
    RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed)$
    RewriteRule .* - [E=Cache-Control:none]

Would that be enough to stop cache lookups from hapeing for users that are logged in ? or would we need to somehow specify CacheLookup public off for those users ? If so, how can this be done ?

Thanks

 

[NiteWave]

I think following rules are enough:

<IfModule LiteSpeed>
    RewriteEngine on
 
    RewriteRule .* - [E=Cache-Control:no-cache]

    # Default cache for all pages
    RewriteCond %{HTTP_COOKIE} !^.*user_logged_in=yes.*$ [NC]
    RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed)$
    RewriteCond %{REQUEST_URI} !/(login|subscribe)\.php$[NC]
    RewriteRule .* - [E=Cache-Control:max-age=3600]
</IfModule>

but need confirm / verify in the production server.

note: for cookie "user_logged_in=yes", take care of its expiration date, not set it too short.