mrr Posted February 19, 2009 Report Share Posted February 19, 2009 I have a bunch of minor problems with LiteSpeed and signed up for this host because it promised Apache. (See http://www.hawkhost.com/Shared/compare and http://www.hawkhost.com/Hosting/features#apachewebserver .) I might list all the other LiteSpeed problems later, but I have a major issue now. First, LiteSpeed busts standard anti-hotlinking configurations. This:### Stop people from direct-linking to images and other bandwidth-intensive content. # SetEnvIfNoCase Referer "bitomind.com" local_ref=1 SetEnvIf Referer "^$" local_ref=1 Order Allow,Deny Allow from env=local_ref Has always worked fine in Apache but blocks all images in LiteSpeed! So, I commented out that code and next tried cPanel. cPanel does not stop hotlinking on this server! It's also prepending ".*" to the blocked filetype list -- which does not seem right. So, how do I really stop hotlinking on a Litespeed server? Is cPanel busted or misconfigured? Failing all that, can I actually get on a server running Apache, as advertised? Quote Link to comment Share on other sites More sharing options...
mrr Posted February 19, 2009 Author Report Share Posted February 19, 2009 The following code doesn't work either: RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http(s)?://(www.)?bitomind.com [NC] RewriteCond %{REQUEST_URI} !^http://bitomind.com/pics/bandwidth_thief.gif$ [NC] RewriteRule .(jpg|jpeg|png|gif)$ /pics/bandwidth_thief.gif [NC,R,L] Quote Link to comment Share on other sites More sharing options...
Tony Posted February 19, 2009 Report Share Posted February 19, 2009 Have you made a ticket about your issue? Hotlink protection should work fine so we'd like to investigate this but you'll need to make a ticket. Quote Link to comment Share on other sites More sharing options...
mrr Posted February 20, 2009 Author Report Share Posted February 20, 2009 No I didn't make a ticket, thought I'd try the forum first. Will post a ticket in a minute. Turns out that not only does hotlink protection not work but it is busted, on LiteSpeed only, by the standard -- required -- WordPress .htaccess, in the WordPress subdirectory. EG: # BEGIN WordPress RewriteEngine On RewriteBase /memes/ RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /memes/index.php [L] # END WordPress Commenting out that file allows the second standard .htaccess technique to work but busts WordPress! Restoring WordPress and placing the following code in an .htaccess, in the WordPress uploads directory, appears to stop hotlinking of uploaded wordPress pics.RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http(s)?://(www.)?bitomind.com [NC] RewriteCond %{REQUEST_URI} !^(http://bitomind.com)?/pics/bandwidth_thief.gif$ [NC] RewriteRule .(jpg|jpeg|png|gif)$ /pics/bandwidth_thief.gif [NC,L] Still working on an acceptable solution, non of these hijinks are needed in Apache. Quote Link to comment Share on other sites More sharing options...
mrr Posted February 20, 2009 Author Report Share Posted February 20, 2009 I see that those two sales pages have now been changed to eliminate the "bait and switch". Note that the cPanel still reports: "Apache version 2.2.11 (Unix)". Quote Link to comment Share on other sites More sharing options...
Cody R. Posted February 20, 2009 Report Share Posted February 20, 2009 I see that those two sales pages have now been changed to eliminate the "bait and switch". Note that the cPanel still reports: "Apache version 2.2.11 (Unix)". Just to elaborate on this; we didn't advertise this as a selling point / to "bait and switch". We just recently migrated everything to LiteSpeed (see here). Beyond that we plan on launching a new site soon (see here) so updates on the main page have been slowed to a crawl. This is not an excuse for our mistake, but I just want to clarify it was an honest one and not some sleazy sales tactic to entice users. As for cPanel reporting Apache still I'll look into it; LiteSpeed handles most of Apache's features without a hitch so nothing changed on that end. -Cody Quote Link to comment Share on other sites More sharing options...
mrr Posted February 20, 2009 Author Report Share Posted February 20, 2009 I tried to indicate, by that smiley, that that was a little tongue-in-cheek. If I was really too worked up about the bait and switch, I would have been screaming about it or canceling my account. I still have other issues with LiteSpeed, but they are all minor. For the price, this is a very fast host -- so some LiteSpeed annoyances can be tolerated. Quote Link to comment Share on other sites More sharing options...
Cody R. Posted February 20, 2009 Report Share Posted February 20, 2009 I tried to indicate, by that smiley, that that was a little tongue-in-cheek. If I was really too worked up about the bait and switch, I would have been screaming about it or canceling my account. I still have other issues with LiteSpeed, but they are all minor. For the price, this is a very fast host -- so some LiteSpeed annoyances can be tolerated. I realized you were joking - though I wanted to clear it up for future clients / potential clients that it wasn't the case. LiteSpeed has had it's issues since the migration, though the tradeoff's (in our eyes) has been well worth it. Quote Link to comment Share on other sites More sharing options...
mrr Posted February 23, 2009 Author Report Share Posted February 23, 2009 Experimented in greater depth with cPanel: 1) cPanel does appear to block images, except for those used in WordPress. And not just the uploaded images; logos, theme graphics, everything --in WordPress -- is unprotected when running LiteSpeed. (2) cPanel does not forward to the "Redirect request to this URL" image unless that image is on an unprotected host! So that means we must: sacrifice a domain to host this image or leach someone else's image -- both of which are unacceptable. (3) The cPanel keeps prepending ".*". to the blocked extension list. It appears to work ok if one remembers to always delete this extra junk before updating, but it should be fixed. Conclusion: cPanel "HotLink Protection", in conjunction with a LiteSpeed server, is unacceptable. The three flaws should be documented or fixed to save future users from having to rediscover all this the hard way. I prefer an .htaccess solution, anyway, since it allows different sites to be tailored and for much finer control of what is and isn't allowed to be hotlinked. Quote Link to comment Share on other sites More sharing options...
mrr Posted February 23, 2009 Author Report Share Posted February 23, 2009 OK, here's the best solution I came up with, given the bugs in LiteSpeed: Code like this: # Block image hotlinking. Note that must also be placed in the base WordPress .htaccess to protect WP files. # The needed WP .htaccess interferes with image protection on LiteSpeed servers! (Bug) RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http(s)?://(www.)?bitomind.com [NC] RewriteCond %{REQUEST_URI} !^/pics/bandwidth_thief.gif$ [NC] RewriteRule .(jpg|jpeg|png|gif)$ /pics/bandwidth_thief.gif [NC,L] Protects everything but files in any WordPress tree. But duplicate the code in the .htaccess that WordPress uses and the site is protected... # BEGIN WordPress RewriteEngine On RewriteBase /memes/ RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /memes/index.php [L] # END WordPress # Must duplicate Image protection here because of LiteSpeed bug(s). RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http(s)?://(www.)?bitomind.com [NC] RewriteCond %{REQUEST_URI} !^/pics/bandwidth_thief.gif$ [NC] RewriteRule .(jpg|jpeg|png|gif)$ /pics/bandwidth_thief.gif [NC,L] Quote Link to comment Share on other sites More sharing options...
Tony Posted February 23, 2009 Report Share Posted February 23, 2009 It's a bug in LiteSpeed with handling multiple levels of rewrite rules. It'll be resolved before the final 4.0 release (we're running RC1 right now). Quote Link to comment Share on other sites More sharing options...
Tony Posted February 25, 2009 Report Share Posted February 25, 2009 For anyones curiosity with wordpress it'll in apache take over on the hotlink protection when you use mod_rewrite. To get around this you'd need to put "RewriteOptions inherit" which will fix it. It was introduced in the latest lsws release we're using. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.