[Resolved] Lightspeed and hosting provider - Fails

Discussion in 'General' started by Morpheus, May 21, 2010.

  1. Morpheus

    Morpheus New Member

    All of the sudden my website started failing to display items and after tinkering awhile i commented out the htaccess files that had 'Deny from all' in them and my site went back to normal. I contacted my hosting provider TMDHosting and they came back with this:

    ----------\
    It seems that there should be an issue with some of the rewrite URLs your website is using and the LightSpeed http service running on the server. The options to have the issue resolved are:

    1. You may request from your website developers to recreate the rewrite rules for the website compatible with LightSpeed web service.
    2. If you would like we will migrate your website to a server with normal Apache. If all the rewrite URLs are correct for the regular Apache web service the issue should be resolved.
    ----------/

    I'm running a Zikula website. Here is what the htaccess looks like:

    File: $Id: .htaccess 26262 2009-08-20 05:35:53Z drak $
    # ----------------------------------------------------------------
    # Purpose of file: block any web access to files stored under
    # the modules/ directory
    # ----------------------------------------------------------------
    SetEnvIf Request_URI "\.css$" object_is_css=css
    SetEnvIf Request_URI "\.js$" object_is_js=js
    SetEnvIf Request_URI "\.jpg$" object_is_jpg=jpg
    SetEnvIf Request_URI "\.gif$" object_is_gif=gif
    SetEnvIf Request_URI "\.png$" object_is_png=png
    SetEnvIf Request_URI "\.tif$" object_is_tif=tif
    SetEnvIf Request_URI "\.swf$" object_is_swf=swf
    SetEnvIf Request_URI "\.flv$" object_is_flv=flv
    SetEnvIf Request_URI "\.ico$" object_is_ico=ico
    SetEnvIf Request_URI "\.cur$" object_is_ico=cur
    Order deny,allow
    Deny from all
    Allow from env=object_is_css
    Allow from env=object_is_js
    Allow from env=object_is_jpg
    Allow from env=object_is_gif
    Allow from env=object_is_png
    Allow from env=object_is_tif
    Allow from env=object_is_swf
    Allow from env=object_is_flv
    Allow from env=object_is_ico
    Allow from env=object_is_cur

    I'm really not sure what I need to do here other then having them move my website?
    Last edited by a moderator: May 22, 2010
  2. mistwang

    mistwang LiteSpeed Staff

    Current LiteSpeed does not support

    Allow from env=

    You can change those logic to using a rewrite rule, it more efficient.
  3. Morpheus

    Morpheus New Member

    Can you give me an example? I'm at a complete loss here.
  4. NiteWave

    NiteWave Administrator

    try this in .htaccess:
    Code:
    RewriteEngine On
    RewriteCond %{Request_URI} !\.(css|js|jpg|gif|png|tif|swf|flv|ico|cur)$
    RewriteRule (.*)	- [F]
    
  5. Morpheus

    Morpheus New Member

    Ok,

    The only thing in the htaccess file is what you posted. I'm not actually sure what this does. How can I tell if it's working? What exactly is it doing?

    Thanks...
  6. NiteWave

    NiteWave Administrator

    only files with one of extensions --- css|js|jpg|gif|png|tif|swf|flv|ico|cur are allowed to access under this folder and all sub folders.

    otherwise, access to files with other extensions will return "403 Forbidden"
  7. Morpheus

    Morpheus New Member

    The problem occurred when my host apparently installed lightspeed. The changes you suggest, I did just completed on all my htaccess files that were formatted similar to the one I posted. Some only had html and some had gif,png,jpg. I formatted each to the example you gave to include the extensions that were only included in that particular htaccess file. All seems to be working. Now if for whatever reason my host needs to transfer my site to a non-lightspeed server will the changes I made be compatible?

    The htaccess files were the original from my CMS. Should the developers be releasing the CMS with these changes to be more robust for the end user?

    Thanks...
  8. NiteWave

    NiteWave Administrator

    yes, they are apache directives. as long as the web server is apache or litespeed, these directives works.

    you can suggest them. despite of efficiency, at least the code is shorter than original one.
    Last edited: May 21, 2010
  9. Morpheus

    Morpheus New Member

    I think two more quick questions;

    1) Do in need to start out each htaccess file with 'RewriteEngine On'?

    2) I wasn't sure about this 'you can suggest them. despite of efficiency'; are you saying that the new way is more or less effecient?

    :)

    Thank you so much for the help.
  10. NiteWave

    NiteWave Administrator

    1)yes.if no "RewriteEngine On", RewriteCond or RewriteRule won't work and will be ignored. However, if .htaccess has no RewriteCond or RewriteRule, you needn't "RewriteEngine On".

    2)I think the new way is more efficient and obviously. However, I haven't tested it so without hard evidence...
  11. brrr

    brrr New Member

    I am assuming this means directives like this in .htaccess will also fail to function under Litespeed:

    Code:
    BrowserMatchNoCase ^WWW-Mechanize BadRobot
    BrowserMatchNoCase ^Xenu BadRobot
    BrowserMatchNoCase "Y!OASIS/TEST" BadRobot
    BrowserMatchNoCase "YebolBot" BadRobot
    BrowserMatchNoCase "ZeW" BadRobot
    BrowserMatchNoCase ^Zip BadRobot
    BrowserMatchNoCase "ZmEu" BadRobot
    
    <Files *>
    Order Allow,Deny
    Allow from all
    Deny from env=BadRobot
    </Files>
    
    That could mean some hassles.
  12. NiteWave

    NiteWave Administrator

    The rewrite equivalence:
    Code:
    RewriteEngine On
    RewriteCond %{HTTP_USER_AGENT} ^(WWW-Mechanize|Xenu|Zip) [OR,NC]
    RewriteCond %{HTTP_USER_AGENT} .*(Y!OASIS/TEST|YebolBot|ZeW|ZmEu).* [NC]
    RewriteRule (.*) - [F]
  13. brrr

    brrr New Member

    Thank you for that code NiteWave. Much appreciated. It will help out some users who relied on .htaccess under Apache to do bot-blocking.
  14. Morpheus

    Morpheus New Member

    I think we almost got what we need but trying to be, I guess, backward compatable? This seems to fail at the if statements. Does this look right, or suggestions?

    Code:
    # Default to the mod_rewrite method, since it seems more efficient.
    <IfModule rewrite_module>
        RewriteEngine On
        RewriteCond %{Request_URI} !\.(css|js|jpg|gif|png|tif|swf|flv|ico|cur)$ [NC]
        RewriteRule .* - [F]
    </IfModule>
    
    # If mod_rewrite is not loaded, fall back to mod_setenvif method.
    <IfModule !rewrite_module>
        SetEnvIf Request_URI "\.css$" object_is_css=css
        SetEnvIf Request_URI "\.js$" object_is_js=js
        SetEnvIf Request_URI "\.jpg$" object_is_jpg=jpg
        SetEnvIf Request_URI "\.gif$" object_is_gif=gif
        SetEnvIf Request_URI "\.png$" object_is_png=png
        SetEnvIf Request_URI "\.tif$" object_is_tif=tif
        SetEnvIf Request_URI "\.swf$" object_is_swf=swf
        SetEnvIf Request_URI "\.flv$" object_is_flv=flv
        SetEnvIf Request_URI "\.ico$" object_is_ico=ico
        SetEnvIf Request_URI "\.cur$" object_is_cur=cur
        Order deny,allow
        Deny from all
        Allow from env=object_is_css
        Allow from env=object_is_js
        Allow from env=object_is_jpg
        Allow from env=object_is_gif
        Allow from env=object_is_png
        Allow from env=object_is_tif
        Allow from env=object_is_swf
        Allow from env=object_is_flv
        Allow from env=object_is_ico
        Allow from env=object_is_cur
    </IfModule>
  15. NiteWave

    NiteWave Administrator

    tested your code in local lsws, it's working.

    but I think the 2nd part
    <IfModule !rewrite_module>
    really not necessary. it adds extra overhead.
    mod_rewrite is a very basic module and it's hard to imagine apache without rewrite module existing in any hosting provider.
  16. Morpheus

    Morpheus New Member

    It seems that Lightspeed is processing all IFModule statments. If the first IFModule statement is true, then it should gracefully exit without running the second IFModule routine, but it doesn't. Is there a way to accomplish this?

    Also how do you create a rewrite rule that will replace this:

  17. NiteWave

    NiteWave Administrator

    I think need go through .htacess, since there may be other directives in the file.

    A rewrite equivalent for "Deny from all":
    Code:
    RewriteEngine On
    RewriteRule .* - [F]
  18. Morpheus

    Morpheus New Member


    In the below example only, after the first IFModule statement is read it should exit before reading in the next IFModule statement but it doesn't. Is there a way to do this in the htaccess file?

    Code:
    <IfModule rewrite_module>
        RewriteEngine On
        RewriteCond %{Request_URI} !\.(css|js|jpg|gif|png|tif|swf|flv|ico|cur)$ [NC]
        RewriteRule .* - [F]
    </IfModule>
    
    <IfModule !rewrite_module>
    RewriteEngine On
    RewriteRule .* - [F]
    </IfModule>

Share This Page