A setenv question

Discussion in 'Apache Migration/Compatibility' started by twhiting9275, Sep 16, 2014.

  1. twhiting9275

    twhiting9275 Member

    So, we've migrated some 20+ VMs from apache to LS, and, for the most part, they're going great. However, one bit of functionality we had before is missing, any thoughts on how to reimplement it?

    The idea;
    Check for a bit set by php on a remote server, or certain IP'ss and allow the request... Otherwise, deny.

    Global apache rule (works with apache):
    Code:
    <Location />
    SetEnvIfNoCase ^arg$ .+ allowed=1
    SetEnvIfNoCase Remote_Addr (127\.0\.0\.1) allowed=1
    Order Deny,Allow
    Deny from All
    Allow from env=allowed
    </Location>
    
    Unfortunately, I didn't write the previous code, and the previous developer (who did write it) is no longer available, so any help on how to get this working in LS would be greatly appreciated
     
  2. NiteWave

    NiteWave Administrator

    >SetEnvIfNoCase ^arg$ .+ allowed=1
    not sure what "arg" here mean, an http request header?

    if so, try following rewrite rules:
    <Location />
    RewriteEngine on
    RewriteCond %{HTTP:arg} ^$
    RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
    RewriteRule (.*) - [F,L]
    </Location>

    are lsws the latest 4.2.14?
     
  3. twhiting9275

    twhiting9275 Member

    Rewrite won't deny much of anything, I don't see why this isn't implemented in LS, honestly... The only problem I've seen so far, not being able to take environment variables like this and do what should be done here.
     
  4. mistwang

    mistwang LiteSpeed Staff

    It is on our todo list for 5.0 release.
    It can be implemented with rewrite rules.
     
  5. AITpro

    AITpro Member

    @mistwang - do you have a ballpark rough estimate for when 5.0 will be released? ie 3 months, 6 months, 1 year...
    The reason I am asking is because I have a software app that uses the SetEnv directive and I could dumb down the current htaccess code in the meantime if the 5.0 release is going to be in the far future. Thanks.
     
  6. mistwang

    mistwang LiteSpeed Staff

    SetEnv is upported in 4.2 already, your app may work just fine with 4.2 .
    If any problem, just show us the SetEnv directives used, we will see whether it should be supported in 4.2 or not.

    We hope we can release 5.0 by the end of this year. The 5.0RC is getting ready for production uses.
     
  7. AITpro

    AITpro Member

    Here is the code. Thanks for the very quick response, info and verifying compatibility. Very much appreciated.

    # BEGIN WHITELIST: Frontend Loading Website Plugin scripts/files
    SetEnvIf Request_URI "/bulletproof-security/400.php$" whitelist
    SetEnvIf Request_URI "/bulletproof-security/403.php$" whitelist
    # END WHITELIST

    <FilesMatch "\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|html5|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|txt|vb|vbe|vbs|war|ws|wsf|xhtml|z|zip)$">
    Order Allow,Deny
    Allow from env=whitelist
    Allow from example.local
    Allow from 127.0.0.1
    # BEGIN PUBLIC IP
    Allow from 127.0.0.1
    # END PUBLIC IP
    </FilesMatch>
     
  8. mistwang

    mistwang LiteSpeed Staff

    wont work with 4.2, it is on the to-do list of 5.0.
     
  9. AITpro

    AITpro Member

    Awesome support! Thanks for verifying this. Thanks
     
  10. AITpro

    AITpro Member

    On a personal note I am very impressed with how INCREDIBLY FAST!!! LiteSpeed is. I have several customers using LiteSpeed and their website performance is incredibly FAST. I am currently researching Hosts that offer LiteSpeed. ;)
     
  11. AITpro

    AITpro Member

    @mistwang - We have created alternative htaccess code that works fine for LiteSpeed so if anyone else is looking for that alternative code then this is a very simple solution below:

    # BEGIN WHITELIST: Frontend Loading Website Plugin scripts/files
    RewriteRule ^bulletproof-security/400.php - [L]
    RewriteRule ^bulletproof-security/403.php - [L]
    RewriteRule ^bulletproof-security/410.php - [L]
    RewriteRule ^bulletproof-security/isl-logout.php - [L]
    # END WHITELIST
    #
    # FORBID REMOTE ACCESS TO THESE PLUGIN FILE TYPES FROM ANYONE EXCEPT YOU
    RewriteCond %{REQUEST_URI} ^.*\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|html5|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|txt|vb|vbe|vbs|war|ws|wsf|xhtml|z|zip)$ [NC]
    # BEGIN PUBLIC IP
    RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
    # END PUBLIC IP
    RewriteRule ^(.*)$ - [F]
     

Share This Page