Support

NC-Designs · #11 02-06-2011, 06:12 AM

So is there a solution to this?

Access denied directories used to work and should still work as it clearly states in the following text -

Code:

Specifies the directories that should be blocked from access.  Add directories that contain sensitive data to this list to prevent accidentally  exposing sensitive files to clients. Append a "*" to the path to include all sub-directories.  If both Follow Symbolic Link and Check Symbolic Link are enabled, symbolic  links will be checked against the denied directories.

So.. you are coming up with a crap excuse for support and saying that litespeed won't be able to control external web scripts.. LiteSpeed serves the content hence LiteSpeed can simply block the content.

Webizen was completely right in stating

Quote:

An access denied directory is for protecting data inside (such as configurations, sensitive info or something in the middle of updating) from being accessed directly via HTTP (web access from end user). It is mainly for security reason.

Please, look into this seriously. Now i'm not stupid and I have paid a lot of money for this product... I know this feature used to work. And if it isn't to prevent external scripts from getting the data.. What is it there for?

NC-Designs · #12 03-28-2011, 12:17 AM

Come on please...

webizen · #13 03-28-2011, 05:04 PM

Quote:

Originally Posted by webizen

You need to add "concurrent_php" to Ignored Apache modules in Admin Console -> Server -> General tab.

Have you tried this? You can verify if open_basedir is set with a phpinfo page.

NC-Designs · #14 03-29-2011, 12:22 AM

Open_basedir is set yeah but I don't want them to receive such a descriptive error - Litespeed's access denied directories did this perfectly when they were working.

Also open_basedir only prevents PHP scripts from accessing these directories, what about perl exploits that happily list out every single domain on the server?

Regards,
Chris.

mistwang · #15 03-29-2011, 10:32 AM

Quote:

Originally Posted by NC-Designs

Also open_basedir only prevents PHP scripts from accessing these directories, what about perl exploits that happily list out every single domain on the server?

access denied dir never stop perl or CGI script no matter which version of LSWS you use. Feel free to verify that by switching back to older version.
Those scripts run in there own process, talks to linux kernel directly, LiteSpeed has no way to interfere with that, no user land application can do that.

muiruri · #16 07-05-2011, 11:27 PM

In my case, I'm having trouble with several sites running on Miva application. they do not load and give following error;

"403 Forbidden Access to this resource on the server is denied!"

When I check the error details on LSWS console get the following;

[ERROR] [99.999.99.99:3667-0#APVH_domain.com] MIME type [application/x-httpd-miva] for suffix '.mv' does not allow serving as static file, access denied!

How do I make this work?

We've temporary switched back to Apache, because none of the sites running miva will work.

Had seen a post somewhere that may be can use "Script Handler" to define or using the "External App" menu option at the LSWS console.

If this is one of the places to use, which one would I use and what lines should I use? For example what would be the "handler type"?

We have LSWS 4.1.1

Apache works fine and does not have this error.

Regards, Sam

mistwang · #17 07-07-2011, 07:33 PM

get the latest build of 4.1.2 by changing the version number in the download link.
should be addressed.