OpenLiteSpeed with mod_security running as reverse proxy (WAF)

edan

New Member
#1
Hi,

I had followed all guide in the net that I can find and read through this forum. So far I am able to setup OLS with mod_security, but when I want to set it up as reverse proxy I keep on getting 404 error.

1. How can I check if the rewrite being triggered?
2. https://openlitespeed.org/mediawiki/index.php/Help:Proxying_with_Rewrite_Rules asking to have Config File: $VH_ROOT/conf/vhconf.xml, but I it won't accept .xml only .conf?
3. What it should be for Document Root: since the suggestion is saying $VH_ROOT/html/?

I am a bit confuse here, please enlighten me so that I can have this done.

Thank you
 

edan

New Member
#3
Hi,

RESTART : 404 NOT FOUND

2020-11-13 12:51:18.002334 [NOTICE] [Child: 5588] LiteSpeed/1.6.17 Open
module versions:
modgzip 1.1
cache 1.62
modinspector 1.1
uploadprogress 1.1
mod_security 1.3
starts successfully!
2020-11-13 12:51:20.900443 [NOTICE] [Child: 5560] Shut down successfully!
2020-11-13 12:51:20.900695 [NOTICE] [AdminPHP] stop worker processes
2020-11-13 12:51:20.900818 [NOTICE] sendKillCmdToWatchdog: 'extappkill:5567:-3:00'.
2020-11-13 12:51:20.914789 [NOTICE] [AutoRestarter] cleanup children processes and unix sockets belong to process 5560 !
2020-11-13 12:51:21.000102 [NOTICE] [AutoRestarter] child process with pid=5560 exited with status=0!
2020-11-13 12:51:21.000432 [NOTICE] [PID:5553] Server Stopped!
2020-11-13 12:52:18.933113 [NOTICE] [LocalWorker::workerExec] VHost:_AdminVHost suExec check uid 998 gid 65534 setuidmode 2.
2020-11-13 12:52:18.933196 [NOTICE] [LocalWorker::workerExec] Config[AdminPHP]: suExec uid -1 gid -1 cmd /usr/local/lsws/admin/fcgi-bin/admin_php -c ../conf/php.ini, final uid 998 gid 65534.
2020-11-13 12:52:18.935601 [NOTICE] [AdminPHP] add child process pid: 5603
2020-11-13 12:52:49.086106 [NOTICE] sendKillCmdToWatchdog: 'extappkill:5603:-3:00'.
2020-11-13 12:52:49.200818 [NOTICE] [5582] Cmd from child: [extappkill:5603:-3:00]
2020-11-13 12:52:49.201169 [INFO] Failed to get process [5603] start time, not running, skip killing.


Anything that I missed?
 

edan

New Member
#4
2020-11-13 12:58:05.782369 [NOTICE] [Child: 5660] Start shutting down gracefully ...
2020-11-13 12:58:05.782452 [INFO] Stop listener *:8088.
2020-11-13 12:58:05.782641 [NOTICE] [Child: 5659] Start shutting down gracefully ...
2020-11-13 12:58:05.782682 [INFO] Stop listener *:8088.
2020-11-13 12:58:05.782741 [INFO] Stop listener *:7080.
2020-11-13 12:58:05.784133 [NOTICE] [Child: 5660] Shut down successfully!
2020-11-13 12:58:05.818621 [INFO] [config:server:basics] httpdWorkers: 2, Num of Processors: 2
2020-11-13 12:58:05.818722 [INFO] [config:server:basics] enableLVE: 0
2020-11-13 12:58:05.818752 [INFO] [config:server:basics] bubbleWrap: 0, cmd: '(null)'
2020-11-13 12:58:05.858576 [INFO] [PlainConf] [httpServerConfig:] start parsing file /usr/local/lsws/conf/httpd_config.conf
2020-11-13 12:58:05.858935 [INFO] [PlainConf] [httpServerConfig:] Finished parsing file /usr/local/lsws/conf/httpd_config.conf
2020-11-13 12:58:05.858997 [INFO] [PlainConf] [httpServerConfig:] module [cache] add param [checkprivatecache 1]
2020-11-13 12:58:05.859023 [INFO] [PlainConf] [httpServerConfig:] module [cache] add param [checkpubliccache 1]
2020-11-13 12:58:05.859050 [INFO] [PlainConf] [httpServerConfig:] module [cache] add param [maxcacheobjsize 10000000]
2020-11-13 12:58:05.859075 [INFO] [PlainConf] [httpServerConfig:] module [cache] add param [maxstaleage 200]
2020-11-13 12:58:05.859100 [INFO] [PlainConf] [httpServerConfig:] module [cache] add param [qscache 1]
2020-11-13 12:58:05.859126 [INFO] [PlainConf] [httpServerConfig:] module [cache] add param [reqcookiecache 1]
2020-11-13 12:58:05.859151 [INFO] [PlainConf] [httpServerConfig:] module [cache] add param [respcookiecache 1]
2020-11-13 12:58:05.859176 [INFO] [PlainConf] [httpServerConfig:] module [cache] add param [ignorereqcachectrl 1]
2020-11-13 12:58:05.859202 [INFO] [PlainConf] [httpServerConfig:] module [cache] add param [ignorerespcachectrl 0]
2020-11-13 12:58:05.859227 [INFO] [PlainConf] [httpServerConfig:] module [cache] add param [enablecache 0]
2020-11-13 12:58:05.859252 [INFO] [PlainConf] [httpServerConfig:] module [cache] add param [expireinseconds 3600]
2020-11-13 12:58:05.859277 [INFO] [PlainConf] [httpServerConfig:] module [cache] add param [enableprivatecache 0]
2020-11-13 12:58:05.859303 [INFO] [PlainConf] [httpServerConfig:] module [cache] add param [privateexpireinseconds 3600]
2020-11-13 12:58:05.859774 [NOTICE] Loading LiteSpeed/1.6.17 Open
module versions:
modgzip 1.1
cache 1.62
modinspector 1.1
uploadprogress 1.1
mod_security 1.3
(built: Thu Oct 29 15:05:03 UTC 2020) ...
2020-11-13 12:58:05.859951 [NOTICE] Using [BoringSSL]
2020-11-13 12:58:05.867219 [NOTICE] [ADMIN] server socket: uds://usr/local/lsws/admin/tmp/admin.sock.7434
2020-11-13 12:58:05.871382 [NOTICE] Recovering server socket: [*:8088]
2020-11-13 12:58:05.871592 [NOTICE] Recv listener *:8088, copy fd 1000 to 8.
2020-11-13 12:58:05.871775 [NOTICE] Recovering server socket: [*:7080]
2020-11-13 12:58:05.871874 [NOTICE] Recv listener *:7080, copy fd 1001 to 9.
2020-11-13 12:58:05.872042 [NOTICE] chroot is disabled.
2020-11-13 12:58:05.872116 [INFO] old priority: 0, new priority: 0
2020-11-13 12:58:05.872603 [INFO] [config:server:basics2] For better obscurity, server version number is hidden in the response header.
2020-11-13 12:58:05.966685 [NOTICE] [PID: 5699]: forked cgid: 5704
2020-11-13 12:58:05.968769 [INFO] [PlainConf] [adminConfig:] start parsing file /usr/local/lsws/admin/conf/admin_config.conf
2020-11-13 12:58:05.974058 [INFO] [PlainConf] [adminConfig:] Finished parsing file /usr/local/lsws/admin/conf/admin_config.conf
2020-11-13 12:58:05.986793 [INFO] [Module: modcompress 1.1] has been initialized successfully
2020-11-13 12:58:05.987291 [INFO] [Module: moddecompress 1.1] has been initialized successfully
2020-11-13 12:58:05.987618 [INFO] [Module: cache 1.62] has been initialized successfully
2020-11-13 12:58:05.993461 [NOTICE] Reuse current listener [adminListener].
2020-11-13 12:58:05.993843 [INFO] [UDP:0.0.0.0:7080] initPacketsIn: allocated 100 packets
2020-11-13 12:58:05.995049 [NOTICE] Reuse current listener [Default].
2020-11-13 12:58:05.995140 [NOTICE] The maximum number of file descriptor limit is set to 50000.
2020-11-13 12:58:06.006038 [INFO] [PlainConf] [virtualHostConfig:] start parsing file /usr/local/lsws/conf/vhosts/Example/vhconf.conf
2020-11-13 12:58:06.010752 [INFO] [PlainConf] [virtualHostConfig:] Finished parsing file /usr/local/lsws/conf/vhosts/Example/vhconf.conf
2020-11-13 12:58:06.010809 [INFO] [PlainConf] [context:/] rewrite [] add rules [rewritefile .htaccess]
2020-11-13 12:58:06.013822 [INFO] [config:server:vhosts:vhost:Example] config context /.
2020-11-13 12:58:06.013994 [INFO] RewriteFile [.htaccess] parsed, return 0.
2020-11-13 12:58:06.014025 [INFO] [config:server:vhosts:vhost:Example] config context /blocked/.
2020-11-13 12:58:06.014063 [INFO] [config:server:vhosts:vhost:Example] config context /cgi-bin/.
2020-11-13 12:58:06.014127 [INFO] [config:server:vhosts:vhost:Example] config context /docs/.
2020-11-13 12:58:06.014188 [INFO] [config:server:vhosts:vhost:Example] config context /protected/.
2020-11-13 12:58:06.014526 [WARN] Path for vhost root is not accessible: /usr/local/lsws/proxy/
2020-11-13 12:58:06.014593 [INFO] [PlainConf] [virtualHostTemplate:] start parsing file /usr/local/lsws/conf/templates/ccl.conf
2020-11-13 12:58:06.017293 [INFO] [PlainConf] [virtualHostTemplate:] Finished parsing file /usr/local/lsws/conf/templates/ccl.conf
2020-11-13 12:58:06.017431 [INFO] [PlainConf] [context:/] rewrite [] add rules [rewritefile .htaccess]
2020-11-13 12:58:06.017521 [INFO] [PlainConf] [virtualHostTemplate:] start parsing file /usr/local/lsws/conf/templates/rails.conf
2020-11-13 12:58:06.019752 [INFO] [PlainConf] [virtualHostTemplate:] Finished parsing file /usr/local/lsws/conf/templates/rails.conf
2020-11-13 12:58:06.019807 [INFO] [PlainConf] [context:/] rewrite [] add rules [rewritefile .htaccess]
2020-11-13 12:58:06.019853 [NOTICE] [ZConfManager] No VHosts added, do not send!
2020-11-13 12:58:06.020131 [INFO] [UDP:0.0.0.0:7080] initPacketsIn: allocated 100 packets
2020-11-13 12:58:06.020985 [NOTICE] Instance is ready for service.
2020-11-13 12:58:06.022455 [NOTICE] [AutoRestarter] new child process with pid=5705 is forked!
2020-11-13 12:58:06.024321 [NOTICE] [AutoRestarter] new child process with pid=5706 is forked!
2020-11-13 12:58:06.031300 [INFO] Stop listener *:7080.
2020-11-13 12:58:06.031922 [NOTICE] AIO is not supported on this machine!
2020-11-13 12:58:06.033200 [NOTICE] [child: 5705] Successfully change current user to nobody
2020-11-13 12:58:06.033306 [NOTICE] Child: 5705] Core dump is enabled.
2020-11-13 12:58:06.033924 [NOTICE] [Child: 5705] Setup swapping space...
2020-11-13 12:58:06.034590 [NOTICE] [Child: 5705] LiteSpeed/1.6.17 Open
module versions:
modgzip 1.1
cache 1.62
modinspector 1.1
uploadprogress 1.1
mod_security 1.3
starts successfully!
2020-11-13 12:58:06.035457 [NOTICE] AIO is not supported on this machine!
2020-11-13 12:58:06.036128 [NOTICE] [child: 5706] Successfully change current user to nobody
2020-11-13 12:58:06.036217 [NOTICE] Child: 5706] Core dump is enabled.
2020-11-13 12:58:06.036436 [NOTICE] [Child: 5706] Setup swapping space...
2020-11-13 12:58:06.036860 [NOTICE] [Child: 5706] LiteSpeed/1.6.17 Open
module versions:
modgzip 1.1
cache 1.62
modinspector 1.1
uploadprogress 1.1
mod_security 1.3
starts successfully!
2020-11-13 12:58:06.400476 [NOTICE] [Child: 5659] Shut down successfully!
2020-11-13 12:58:19.657461 [NOTICE] [LocalWorker::workerExec] VHost:_AdminVHost suExec check uid 998 gid 65534 setuidmode 2.
2020-11-13 12:58:19.657616 [NOTICE] [LocalWorker::workerExec] Config[AdminPHP]: suExec uid -1 gid -1 cmd /usr/local/lsws/admin/fcgi-bin/admin_php -c ../conf/php.ini, final uid 998 gid 65534.
2020-11-13 12:58:19.660854 [NOTICE] [AdminPHP] add child process pid: 5713
2020-11-13 12:58:50.010911 [NOTICE] sendKillCmdToWatchdog: 'extappkill:5713:-3:0'.
2020-11-13 12:58:50.200803 [NOTICE] [5699] Cmd from child: [extappkill:5713:-3:0]
2020-11-13 12:58:50.201130 [INFO] Failed to get process [5713] start time, not running, skip killing.
2020-11-13 12:59:19.765579 [NOTICE] [LocalWorker::workerExec] VHost:_AdminVHost suExec check uid 998 gid 65534 setuidmode 2.
2020-11-13 12:59:19.765652 [NOTICE] [LocalWorker::workerExec] Config[AdminPHP]: suExec uid -1 gid -1 cmd /usr/local/lsws/admin/fcgi-bin/admin_php -c ../conf/php.ini, final uid 998 gid 65534.
2020-11-13 12:59:19.768899 [NOTICE] [AdminPHP] add child process pid: 5714
2020-11-13 12:59:50.017823 [NOTICE] sendKillCmdToWatchdog: 'extappkill:5714:-3:0'.
2020-11-13 12:59:50.200551 [NOTICE] [5699] Cmd from child: [extappkill:5714:-3:0]
2020-11-13 12:59:50.200634 [INFO] Failed to get process [5714] start time, not running, skip killing.
2020-11-13 13:00:19.868622 [NOTICE] [LocalWorker::workerExec] VHost:_AdminVHost suExec check uid 998 gid 65534 setuidmode 2.
2020-11-13 13:00:19.868697 [NOTICE] [LocalWorker::workerExec] Config[AdminPHP]: suExec uid -1 gid -1 cmd /usr/local/lsws/admin/fcgi-bin/admin_php -c ../conf/php.ini, final uid 998 gid 65534.
2020-11-13 13:00:19.871531 [NOTICE] [AdminPHP] add child process pid: 5715
2020-11-13 13:00:50.024238 [NOTICE] sendKillCmdToWatchdog: 'extappkill:5715:-3:0'.
2020-11-13 13:00:50.200550 [NOTICE] [5699] Cmd from child: [extappkill:5715:-3:0]
2020-11-13 13:00:50.200645 [INFO] Failed to get process [5715] start time, not running, skip killing.
 

edan

New Member
#5
I guess I followed exactly as suggested, instead that I am running my real server on separate server instead of in localhost.

- Wordpress on Nginx at 192.168.0.12 [running on port 80]
- OLS at 192.168.0.10 [change Listen from 8088 to 80]

:Server Configuration => External App => Add => Type => Web Server
Name: nginx
Address: 192.168.0.12
Max Connection: 100
Connection Keep-Alive Timeout : 60
Initial Request Timeout (secs) : 60
Retry Timeout (secs) : 0
Response Buffering : No
* now I have the default LiteSpeed SAPI App and Web Server in the External Applications

:Virtual Hosts => Add
Virtual Host Name : proxy-vhost
Virtual Host Root : $SERVER_ROOT/proxy/
Config File : $SERVER_ROOT/conf/vhosts/$VH_NAME/vhconf.conf
Follow Symbolic Link : No
Enable Scripts/ExtApps : No
Restrained : Yes
Max Keep-Alive Requests : 1000
* now I have the default Example and proxy-vhost in the Virtual Host List

Virtual Hosts > proxy-vhost > Rewrite
Enable Rewrite : Yes
Log Level : 9
Rewrite Rules: REWRITERULE ^/(.*)$ HTTP://VHOST-PROXY/$1 [P]

: Listener List => Default [View]
Virtual Host Mappings => Example [Delete]
Virtual Host Mappings =>Add => Virtual Host: proxy-vhost => Domains: *

RESTART : 404 NOT FOUND
 

edan

New Member
#8
https://openlitespeed.org/kb/litespeed-cache-openlitespeed-reverse-proxy/

Please try to update "Address: 192.168.0.12 " to "Address: http://192.168.0.12:80" and see how it goes.

I just setup a OLS port 80/443(proxy) + Apache port 81/444 on the same server, works pretty well. If you want, I can share the setup script.
I updated the Address as you suggested, it still doesn't work, as I am getting same 404 error.

Please share your setup script for me to have as a guide. In my setup, I am using different server one for the OLS and another one for the Nginx.

Thank you
 
Last edited:

gilles

Active Member
#9
I think the rewrite rule is not correct:
Rewrite Rules: REWRITERULE ^/(.*)$ HTTP://VHOST-PROXY/$1 [P]
The documentation says:
Note: “vhost-proxy” is the name of a proxy (web server) external application you have created.
which in your case would be 'nginx'.

The documentation is a bit confusing because it starts with 'apache' at the top and ends up with 'vhost-proxy1' instead of something like 'webserver-extapp' or 'apache'. I mean why 'ghost-proxy' and why the '1' suffix?
 
#11
I think the rewrite rule is not correct:


The documentation says:

which in your case would be 'nginx'.

The documentation is a bit confusing because it starts with 'apache' at the top and ends up with 'vhost-proxy1' instead of something like 'webserver-extapp' or 'apache'. I mean why 'ghost-proxy' and why the '1' suffix?
I tried changing from VHOST-PROXY to NGINX still same error; then I try changing to IP address, all leads to same error
 

gilles

Active Member
#13
@edan, it might be more efficient for you to share your /usr/local/lsws/conf/httpd_config.conf and /usr/local/lsws/conf/vhosts/proxy-vhost/vhost.conf files here or with LiteSpeed tech support.
 
#15
you can try IP directly, it should still work.
I tried running the script, and this is what happen:

root@ols-box:/home/sysadmin# ./setup.sh
--2020-11-23 13:44:12-- http://rpms.litespeedtech.com/debian/enable_lst_debain_repo.sh
Resolving rpms.litespeedtech.com (rpms.litespeedtech.com)... 52.55.120.73
Connecting to rpms.litespeedtech.com (rpms.litespeedtech.com)|52.55.120.73|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3644 (3.6K) [application/x-sh]
Saving to: ‘STDOUT’

- 100%[=================================================>] 3.56K --.-KB/s in 0s

2020-11-23 13:44:12 (44.5 MB/s) - written to stdout [3644/3644]

detecting OS type :
detected OS: debian - 10
now enable the LiteSpeed Debian Repo
register LiteSpeed GPG key
--2020-11-23 13:44:12-- http://rpms.litespeedtech.com/debian/lst_debian_repo.gpg
Resolving rpms.litespeedtech.com (rpms.litespeedtech.com)... 52.55.120.73
Connecting to rpms.litespeedtech.com (rpms.litespeedtech.com)|52.55.120.73|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1198 (1.2K) [application/octet-stream]
Saving to: ‘/etc/apt/trusted.gpg.d/lst_debian_repo.gpg’

/etc/apt/trusted.gpg.d/lst_de 100%[=================================================>] 1.17K --.-KB/s in 0s

2020-11-23 13:44:13 (25.3 MB/s) - ‘/etc/apt/trusted.gpg.d/lst_debian_repo.gpg’ saved [1198/1198]

--2020-11-23 13:44:13-- http://rpms.litespeedtech.com/debian/lst_repo.gpg
Resolving rpms.litespeedtech.com (rpms.litespeedtech.com)... 52.55.120.73
Connecting to rpms.litespeedtech.com (rpms.litespeedtech.com)|52.55.120.73|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2336 (2.3K) [application/octet-stream]
Saving to: ‘/etc/apt/trusted.gpg.d/lst_repo.gpg’

/etc/apt/trusted.gpg.d/lst_re 100%[=================================================>] 2.28K --.-KB/s in 0s

2020-11-23 13:44:13 (26.6 MB/s) - ‘/etc/apt/trusted.gpg.d/lst_repo.gpg’ saved [2336/2336]

update the repo
Hit:1 http://deb.debian.org/debian buster InRelease
Hit:2 http://deb.debian.org/debian buster-updates InRelease
Hit:3 http://security.debian.org/debian-security buster/updates InRelease
Ign:4 http://rpms.litespeedtech.com/debian buster InRelease
Hit:5 http://rpms.litespeedtech.com/debian buster Release
Reading package lists... Done
All done, congratulations and enjoy !
Current platform is DEBIAN10 debian buster.
Detect remote server, will skip Apache setup!
Install basic packages
Install Apache Web Server
Skip!
Install openLiteSpeed Web Server
Version: openlitespeed 1.6.17
[ERROR] Failed to start the web server.
Usage: grep [OPTION]... PATTERNS [FILE]...
Try 'grep --help' for more information.
Install PHP & Packages for LSWS
Install PHP & Packages for Apache
Skip!
Setting Apache Config
Skip!
Setting OpenLiteSpeed Config
cp: cannot stat './webservers/openlitespeed/conf/httpd_config.conf': No such file or directory
cp: cannot stat './webservers/openlitespeed/conf/vhconf.conf': No such file or directory
sed: can't read /usr/local/lsws/conf/vhosts/Example/vhconf.conf: No such file or directory
sed: can't read /usr/local/lsws/conf/vhosts/Example/vhconf.conf: No such file or directory
sed: can't read /usr/local/lsws/conf/vhosts/Example/vhconf.conf: No such file or directory
sed: can't read /usr/local/lsws/conf/vhosts/Example/vhconf.conf: No such file or directory
Job for lsws.service failed because the control process exited with error code.
See "systemctl status lsws.service" and "journalctl -xe" for details.
Please check
Please check
 
#17
Good catch, should be the domain or IP.
@edan , here's the script https://github.com/Code-Egg/ols-proxy. Please run the installation on a new server.
root@ols-box:/home/sysadmin/ols-proxy# ./setup.sh
Current platform is DEBIAN10 debian buster.
Detect remote server, will skip Apache setup!
Install basic packages
Install Apache Web Server
Skip!
Install openLiteSpeed Web Server
Version: openlitespeed 1.6.17
[ERROR] Failed to start the web server.
Usage: grep [OPTION]... PATTERNS [FILE]...
Try 'grep --help' for more information.
Install PHP & Packages for LSWS
Install PHP & Packages for Apache
Skip!
Setting Apache Config
Skip!
Setting OpenLiteSpeed Config
Please check
Please check
 
#18
#19
I setup a new Debian installation and still it doesn't work!:

root@ols-proxy:~# cd ols-proxy; bash setup.sh
Current platform is DEBIAN10 debian buster.
Detect remote server, will skip Apache setup!
Install basic packages
Install Apache Web Server
Skip!
Install openLiteSpeed Web Server
Version: openlitespeed 1.6.17
ols process is running!
Stop web service temporary
[OK] Stop lshttpd service
Install PHP & Packages for LSWS
Install PHP & Packages for Apache
Skip!
Setting Apache Config
Skip!
Setting OpenLiteSpeed Config
Please check
Please check
 

Cold-Egg

Administrator
#20
I setup a new Debian installation and still it doesn't work!:

root@ols-proxy:~# cd ols-proxy; bash setup.sh
Current platform is DEBIAN10 debian buster.
Detect remote server, will skip Apache setup!
Install basic packages
Install Apache Web Server
Skip!
Install openLiteSpeed Web Server
Version: openlitespeed 1.6.17
ols process is running!
Stop web service temporary
[OK] Stop lshttpd service
Install PHP & Packages for LSWS
Install PHP & Packages for Apache
Skip!
Setting Apache Config
Skip!
Setting OpenLiteSpeed Config
Please check
Please check
Looks better on the new server. So does it work now?
 
Top