Support

webizen · #11 03-14-2011, 01:17 AM

File upload is ok once commented out this line in /usr/local/lib/php.ini

Quote:

suhosin.upload.verification_script = "/etc/cxs/cxscgi.sh"

mihanwebhost · #12 03-14-2011, 01:40 AM

thanks :x

i have one problem i cant switch to apache to compile my php from easy apache
/usr/local/apache/bin/httpd
and i replaced it with httpd file
but my problem not fixed

webizen · #13 03-14-2011, 09:41 AM

Further checking reveals that Apache could not start because mod_auth_passthrough.so file was in the wrong folder /usr/local/apache/modules/modules! Most likely it was messed up when you copied files around.

Quote:

root@mydc [/usr/local/apache/bin]# /scripts/restartsrv_httpd
httpd: Syntax error on line 34 of /usr/local/apache/conf/httpd.conf: Cannot load /usr/local/apache/modules/mod_auth_passthrough.so into server: /usr/local/apache/modules/mod_auth_passthrough.so: cannot open shared object file: No such file or directory

root@mydc [/usr/local/apache/bin]# ls ../modules/
./ ../ mod_perl.so* modules/
root@mydc [/usr/local/apache/bin]# ls ../modules/modules/
./ httpd.exp mod_auth_passthrough.so* mod_bw.so* mod_frontpage.so* mod_security2.so*
../ libphp5.so* mod_bwlimited.so* mod_disable_suexec.so* mod_perl.so* mod_suphp.so*

root@mydc [/usr/local/apache/bin]# ls -l ../modules/
total 1396
drwxr-xr-x 3 root root 4096 Mar 14 01:21 ./
drwxr-xr-x 18 root root 4096 Mar 14 01:21 ../
-rwxr-xr-x 1 root root 1409919 Mar 14 01:21 mod_perl.so*
drwxr-xr-x 2 root root 4096 Mar 14 01:21 modules/

root@mydc [/usr/local/apache/bin]# ls -l ../modules/modules/
total 22508
drwxr-xr-x 2 root root 4096 Mar 14 01:21 ./
drwxr-xr-x 3 root root 4096 Mar 14 01:21 ../
-rw-r--r-- 1 root root 9106 Mar 14 01:21 httpd.exp
-rwxr-xr-x 1 root root 20216303 Mar 14 01:21 libphp5.so*
-rwxr-xr-x 1 root root 10209 Mar 14 01:21 mod_auth_passthrough.so*
-rwxr-xr-x 1 root root 9433 Mar 14 01:21 mod_bwlimited.so*
-rwxr-xr-x 1 root root 29544 Mar 14 01:21 mod_bw.so*
-rwxr-xr-x 1 root root 5776 Mar 14 01:21 mod_disable_suexec.so*
-rwxr-xr-x 1 root root 51044 Mar 14 01:21 mod_frontpage.so*
-rwxr-xr-x 1 root root 1409919 Mar 14 01:21 mod_perl.so*
-rwxr-xr-x 1 root root 1173890 Mar 14 01:21 mod_security2.so*
-rwxr-xr-x 1 root root 60119 Mar 14 01:21 mod_suphp.so*
root@mydc [/usr/local/apache/bin]#

It is OK now. You can switch between Apache and LiteSpeed.

webizen · #14 03-14-2011, 12:53 PM

Update:

The file /etc/cxs/cxscgi.sh is empty (all lines are commented out) except for the first line "#!/bin/sh"

According to suhosin document (http://www.hardened-php.net/suhosin/...ication_script), it needs something like "echo 1" as its first line to allow upload.

Quote:

The called script has to write a 1 as first line to standard output to allow the upload. Any other value or no output at all will result in the file being deleted.

Added that line ("echo 1") to the script and uncommented the line in /usr/local/lib/php.ini. file upload is working.

Quote:

suhosin.upload.verification_script = "/etc/cxs/cxscgi.sh"

So the cause of "File upload stopped by extension" error is /etc/cxs/cxscgi.sh script not having "1" as first line in standard output (no output in this case).

Rezaa · #15 12-08-2011, 04:08 AM

Hello,

I'm using CXS for scanning uploaded files and prevent users from uploading malicious files to the server.
But recently my server load is growing up and sometimes becomes too high (more than 20 or even 30) due to high traffics on apache.
My server manager suggesting me to get litespeed. But as CXS official website says, litespeed does not support some mod_security rules that needed by CXS, So it seems CXS will not work with litespeed.

But I see this guy is using CXS along with Litespeed! Isn't it ?
Does it make any problem?
Does CXS really works along with Litespeed?

Please correct me if I'm wrong. I seriously need the power of both CXS and Litespeed on my server (one for security and another one for speed)

webizen · #16 12-08-2011, 10:14 AM

if your upload is handled via php, cxs should work with litespeed via suhosin hook (see cxs install.txt for how to enable suhosin hook).

Rezaa · #17 12-08-2011, 10:22 AM

What about FTP uploads?

webizen · #18 12-08-2011, 10:35 AM

that has nothing to do with litespeed.

http://configserver.com/cp/cxs.html

Quote:

Pure-ftpd, compiled with --with-uploadscript for ftp upload scanning