LF_HTACCESS not working on LiteSpeed servers

sfshayne · Post by **sfshayne** » 31 Oct 2015, 07:45

It would be great if you can add LF_HTACESS support for LiteSpeed as this feature doesn't seem to be compatible with LSWS servers.

marcele · Post by **marcele** » 03 Nov 2015, 13:21

Want to give me a log line sample? I can create a custom rule for you.

sfshayne · Post by **sfshayne** » 28 Nov 2015, 01:04

marcele wrote:Want to give me a log line sample? I can create a custom rule for you.

Hi,

Here you go:

[INFO] [ip.add.re.ss:xxxxx:HTTP2-1] Authentication failed with user: 'username'.

xxxxx = random numerical ID

Thanks.

marcele · Post by **marcele** » 01 Dec 2015, 10:01

Add to /usr/local/csf/bin/regex.custom.pm . This should block a user for 1 day who has 5 failed attempts.:

Code: Select all

if (($config{LF_HTACCESS}) and ($globlogs{HTACCESS_LOG}{$lgfile}) and ($line =~ /\[INFO\] \[(\S+):.*?\] Authentication failed with user: '(\S*)'.$/)) {
		return ("Failed web page login from $2",$1,"htpasswd","5","80,443","86400");
	}

sfshayne · Post by **sfshayne** » 02 Dec 2015, 05:08

marcele wrote:Add to /usr/local/csf/bin/regex.custom.pm . This should block a user for 1 day who has 5 failed attempts.:
Code: Select all
if (($config{LF_HTACCESS}) and ($globlogs{HTACCESS_LOG}{$lgfile}) and ($line =~ /\[INFO\] \[(\S+):.*?\] Authentication failed with user: '(\S*)'.$/)) {
		return ("Failed web page login from $2",$1,"htpasswd","5","80,443","86400");
	}

Thanks but that didn't work for me. I'm trying to make this work on a cPanel server if that makes a difference.

marcele · Post by **marcele** » 02 Dec 2015, 09:25

I need to know the exact unaltered log line. Please include it in code brackets. The example you posted posted was very different than what other lightspeed users have posted:
https://www.litespeedtech.com/support/f ... logs.1935/

sfshayne · Post by **sfshayne** » 03 Dec 2015, 04:20

marcele wrote:I need to know the exact unaltered log line. Please include it in code brackets. The example you posted posted was very different than what other lightspeed users have posted:
https://www.litespeedtech.com/support/f ... logs.1935/

Hi, here it is but with the IP address redacted.

Code: Select all

2015-12-02 23:17:35.845 [INFO] [IP.ADD.RE.SS:50364:HTTP2-7] Authentication failed with user: 'username'.

marcele · Post by **marcele** » 03 Dec 2015, 17:50

This should work now:

Code: Select all

if (($config{LF_HTACCESS}) and ($globlogs{HTACCESS_LOG}{$lgfile}) and ($line =~ /\[INFO\] \[(\S+):\d+\S+\] Authentication failed with user: '(\S*)'.$/)) {
		return ("Failed web page login from $2",$1,"htpasswd","5","80,443","86400");
	}

Example:
https://regex101.com/r/mA6nA7/2

sfshayne · Post by **sfshayne** » 05 Dec 2015, 04:19

marcele wrote:This should work now:

Code: Select all

if (($config{LF_HTACCESS}) and ($globlogs{HTACCESS_LOG}{$lgfile}) and ($line =~ /\[INFO\] \[(\S+):\d+\S+\] Authentication failed with user: '(\S*)'.$/)) {
		return ("Failed web page login from $2",$1,"htpasswd","5","80,443","86400");
	}

Example:
https://regex101.com/r/mA6nA7/2

Perfect! Thanks!

ConfigServer Community Forum

LF_HTACCESS not working on LiteSpeed servers

LF_HTACCESS not working on LiteSpeed servers

Re: LF_HTACCESS not working on LiteSpeed servers

Re: LF_HTACCESS not working on LiteSpeed servers

Re: LF_HTACCESS not working on LiteSpeed servers

Re: LF_HTACCESS not working on LiteSpeed servers

Re: LF_HTACCESS not working on LiteSpeed servers

Re: LF_HTACCESS not working on LiteSpeed servers

Re: LF_HTACCESS not working on LiteSpeed servers

Re: LF_HTACCESS not working on LiteSpeed servers