Hello everyone
I installed and configured a LiteSpeed Webserver on top of a Ubuntu 20.04 Virtualmin install. After adding a script handler for php and CacheRoot for the virtualhosts moast things started to work as intended.
Now I'm having two specific issues regarding a CGI/Perl script and Basic Authentication.
Autodiscover Script
Accessing autodiscover.domain.com/autodiscover/autodiscover.xml or autoconfig.domain.co/cgi-bin/autoconfig.cgi both result in a 403 error from lsws.
Looking into the error.log I get the following info:
Running apache2 both work as intended.
What could be the reason of the ACL?
Basic Authentication in <Files> Directive
Accessing domain.com/awstats/awstats.pl works as intended from the script side. The problem here is that the Basic Authentication from the apache configuration is not respected. It will return the stats no matter if authenticated or not. Running apache2 will result in a user/password prompt.
Adding the following file /home/testuser/cgi-bin/.htaccess makes it respect the authentication.
It seems like LiteSpeed is not respecting the <Files> directive from the virtualserver configuration.
Below is the full virtualhost apache configuration for port 443.
Thanks for your help
I installed and configured a LiteSpeed Webserver on top of a Ubuntu 20.04 Virtualmin install. After adding a script handler for php and CacheRoot for the virtualhosts moast things started to work as intended.
Now I'm having two specific issues regarding a CGI/Perl script and Basic Authentication.
Autodiscover Script
Accessing autodiscover.domain.com/autodiscover/autodiscover.xml or autoconfig.domain.co/cgi-bin/autoconfig.cgi both result in a 403 error from lsws.
Looking into the error.log I get the following info:
Code:
[INFO] [150553] [T0] [XX.XXX.XXX.XXX:59851:HTTP2-7#APVH_domain.com:443] [ACL] Access to context [/cgi-bin/] is denied!What could be the reason of the ACL?
Basic Authentication in <Files> Directive
Accessing domain.com/awstats/awstats.pl works as intended from the script side. The problem here is that the Basic Authentication from the apache configuration is not respected. It will return the stats no matter if authenticated or not. Running apache2 will result in a user/password prompt.
Adding the following file /home/testuser/cgi-bin/.htaccess makes it respect the authentication.
Apache config:
<Files awstats.pl>
AuthName "domain.co statistics"
AuthType Basic
AuthUserFile /home/testuser/.stats-htpasswd
require valid-user
</Files>Below is the full virtualhost apache configuration for port 443.
Thanks for your help
Apache config:
SuexecUserGroup "#1003" "#1003"
ServerName domain.com
ServerAlias www.domain.com
ServerAlias mail.domain.com
ServerAlias webmail.domain.com
ServerAlias admin.domain.com
ServerAlias autoconfig.domain.com
ServerAlias autodiscover.domain.com
DocumentRoot /home/testuser/public_html
ErrorLog /var/log/virtualmin/domain.com_error_log
CustomLog /var/log/virtualmin/domain.com_access_log combined
ScriptAlias /cgi-bin/ /home/testuser/cgi-bin/
ScriptAlias /awstats/ /home/testuser/cgi-bin/
ScriptAlias /AutoDiscover/AutoDiscover.xml /home/testuser/cgi-bin/autoconfig.cgi
ScriptAlias /Autodiscover/Autodiscover.xml /home/testuser/cgi-bin/autoconfig.cgi
ScriptAlias /autodiscover/autodiscover.xml /home/testuser/cgi-bin/autoconfig.cgi
DirectoryIndex index.php index.php4 index.php5 index.htm index.html
<IfModule Litespeed>
CacheRoot /home/testuser/lscache/
</IfModule>
<Directory /home/testuser/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php7.4
FCGIWrapper /home/testuser/fcgi-bin/php7.4.fcgi .php
FCGIWrapper /home/testuser/fcgi-bin/php7.4.fcgi .php7.4
</Directory>
<Directory /home/testuser/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.domain.com
RewriteRule ^(?!/.well-known)(.*) https://domain.com:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.domain.com
RewriteRule ^(?!/.well-known)(.*) https://domain.com:10000/ [R]
RemoveHandler .php
RemoveHandler .php7.4
FcgidMaxRequestLen 1073741824
SSLEngine on
SSLCertificateFile /home/testuser/ssl.cert
SSLCertificateKeyFile /home/testuser/ssl.key
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
<Files awstats.pl>
AuthName "domain.com statistics"
AuthType Basic
AuthUserFile /home/testuser/.awstats-htpasswd
require valid-user
</Files>
SSLCACertificateFile /home/testuser/ssl.ca
IPCCommTimeout 31
Redirect /mail/config-v1.1.xml /cgi-bin/autoconfig.cgi
Redirect /.well-known/autoconfig/mail/config-v1.1.xml /cgi-bin/autoconfig.cgi