RewriteRules do not inherit correctly?

#1
Hello,

We're setting up new shared hostingservers with Litespeed Enterprise on CloudLinux8 with Plesk Obsidian. In this setup, Litespeed should (and does) natively support and parse all the Apache configurations used by plesk.

This works fine, except for the fact that RewriteRules do not seem to get inherited (or not correctly?) to the children's context (i.e.all the domains configured through Plesk). I'll try to clarify the situation and use-case below:

We want/need to block access to certain files globally, with a single .htaccess file placed in the virtualhost root-folder ("/var/www/vhosts" on Plesk servers). In this .htaccess, we block "xmlrpc.php" by default, using the following RewriteRule:

Apache config:
RewriteOptions InheritDownBefore
RewriteCond %{REQUEST_URI} ^.*xmlrpc\.php
RewriteRule .* - [F]
Furthermore, if malware or abuse is detected on a customer's domain, we can simply add a few RewriteRules to block access to the entire domain, with exceptions for certain administrator's IP addresses like so:

Apache config:
ErrorDocument 503 default
RewriteOptions InheritDownBefore
RewriteCond %{REMOTE_ADDR} !^IP\.V\.4\.ADDR$
RewriteCond %{REMOTE_ADDR} !^IP:V6:SUB:NET
RewriteRule .* - [R=503,L]
This serves a 503 response to all visitors, except to those matching the IPv4/6 addresses. They can then manage the site via the backend/CMS, etc...

This is coupled with a general Apache configuration in "/etc/httpd/conf.d/rewrite_inherit.conf", to Inherit the RewriteOptions to the children's context:

Apache config:
<Directory "/var/www/vhosts/.*/">
  RewriteOptions Inherit
</Directory>
Now, I am no expert in RewriteRules etc., but this configuration work flawlessly with Apache. When switching to Apache using the tool "/usr/local/lsws/admin/misc/cp_switch_ws.sh apache", all is well, and these RewriteRules get applied, perfect! However, when switching to Litespeed ("/usr/local/lsws/admin/misc/cp_switch_ws.sh lsws"), it stops working as intended. These rules do not seem to get applied anymore. The requests are handled as if the RewriteRules are not present.

We'd very much like to retain this functionality, as we're using it now across all of our current shared hostingservers (consisting of a mix between Plesk and DirectAdmin).

If anyone could shed some Lite on this issue, and maybe offer a solution for these use-cases with Litespeed, we'd appreciate it.

With kind regards,

Hindrik Deelstra
Oxilion B.V.
 
Last edited:
#2
Is there no one who can help us determine the cause, and offer a solution for this conundrum?

We'd very much like to have the ability to inherit RewriteRules to subdirectories to control these behaviors...

With kind regards,

Hindrik Deelstra
Oxilion B.V.
 
#4
Hi Andrey,

Thanks for this information, but that's not relevant to my case. There is no [L] flag anywhere in the chain before this RewriteRule in the .htaccess in the "/var/www/vhosts" directory. So there's no opportunity to stop processing these RewriteRules, until after this Rule has been processed.

I've also tried to remove the [L] flag in my own RewriteRule, so there's no [L] flag anywhere at all, but still the RewriteRules are not inherited, no matter what I try.

Though this is good to know, it is not the cause of my issues.

As an alternative, I've tried to use the Apache "<If>" construct, and that works flawlessly, but again, only on Apache! Litespeed seems to completely ignore any "If", "ElseIf" or "Else" directives. So that's also not a viable route to achieve our desired functionality.

If there's some more information about this, please let me know.

Still looking for the golden tip to get what we want.

With kind regards,

Hindrik Deelstra
 
#6
Hi Andrey,

Ah, I seem to have missed that one while searching for other issues like this ;) Well then, if Litespeed does not (yet) support the extended "Inherit*" options, I guess I'm out of luck for now.

I'll go and search for other issues with regards to the "<If>", "<ElseIf>" and "<Else>" directives, and submit a request if I can't find any relevant bug reports ;)

Thanks so far!

With kind regards,

Hindrik Deelstra
 
Top