LF_HTACCESS not working on LiteSpeed servers
Posted: 31 Oct 2015, 07:45
It would be great if you can add LF_HTACESS support for LiteSpeed as this feature doesn't seem to be compatible with LSWS servers.
Peer support forums for ConfigServer Scripts
https://mail.forum.configserver.com/
Hi,marcele wrote:Want to give me a log line sample? I can create a custom rule for you.
Code: Select all
if (($config{LF_HTACCESS}) and ($globlogs{HTACCESS_LOG}{$lgfile}) and ($line =~ /\[INFO\] \[(\S+):.*?\] Authentication failed with user: '(\S*)'.$/)) {
return ("Failed web page login from $2",$1,"htpasswd","5","80,443","86400");
}
Thanks but that didn't work for me. I'm trying to make this work on a cPanel server if that makes a difference.marcele wrote:Add to /usr/local/csf/bin/regex.custom.pm . This should block a user for 1 day who has 5 failed attempts.:Code: Select all
if (($config{LF_HTACCESS}) and ($globlogs{HTACCESS_LOG}{$lgfile}) and ($line =~ /\[INFO\] \[(\S+):.*?\] Authentication failed with user: '(\S*)'.$/)) { return ("Failed web page login from $2",$1,"htpasswd","5","80,443","86400"); }
Hi, here it is but with the IP address redacted.marcele wrote:I need to know the exact unaltered log line. Please include it in code brackets. The example you posted posted was very different than what other lightspeed users have posted:
https://www.litespeedtech.com/support/f ... logs.1935/
Code: Select all
2015-12-02 23:17:35.845 [INFO] [IP.ADD.RE.SS:50364:HTTP2-7] Authentication failed with user: 'username'.
Code: Select all
if (($config{LF_HTACCESS}) and ($globlogs{HTACCESS_LOG}{$lgfile}) and ($line =~ /\[INFO\] \[(\S+):\d+\S+\] Authentication failed with user: '(\S*)'.$/)) {
return ("Failed web page login from $2",$1,"htpasswd","5","80,443","86400");
}
Perfect! Thanks!marcele wrote:This should work now:Example:Code: Select all
if (($config{LF_HTACCESS}) and ($globlogs{HTACCESS_LOG}{$lgfile}) and ($line =~ /\[INFO\] \[(\S+):\d+\S+\] Authentication failed with user: '(\S*)'.$/)) { return ("Failed web page login from $2",$1,"htpasswd","5","80,443","86400"); }
https://regex101.com/r/mA6nA7/2