Using 7G Firewall with OpenLiteSpeed

HomeUsing 7G Firewall with OpenLiteSpeed
October 14, 2021
How Can We Help?
< Back
You are here:
Print
Posted
Last Updated On
ByOpenLiteSpeed

7G Firewall is a powerful, well-optimized LiteSpeed-compatible set of rewrite rules that checks all URI requests against a set of carefully constructed .htaccess files.

Install

There are a few simple steps to installing and using 7G Firewall:

  1. Download the ZIP file from Perishable Press
  2. Copy the contents of 7G_Firewall.txt into your site’s document root .htaccess
  3. Restart OpenLiteSpeed:
    systemctl restart lsws

Verify it’s Working

Visit ?fullclick or 0day.php on your domain (for example, https://example.com/?fullclick). The server should return a 403 Permission Denied error.

Log Blocked Requests

7G Firewall includes built-in logging directives. Once logging is enabled, mod_rewrite will send request data to the 7G_log.php script. The logging script then parses the data and writes it to the 7G_log.txt file. The result is a log file that looks very similar to Apache defaults.

  1. Download the ZIP file from Perishable Press
  2. Copy 7G_log.txt to your site’s document root, or touch a file with that name there
  3. Copy 7G_log.php to your site’s document root
  4. Update the rewrite rules in .htaccess so that it performs 7G logging, as described in Modify .htaccess below
  5. Restart OpenLiteSpeed:
    systemctl restart lsws

Modify .htaccess

You should see this line in several places in .htaccess:


RewriteRule .* - [F,L]

Directly under that line will be commented-out rules similar to this one:


# RewriteRule .* /7G_log.php?log [END,NE,E=7G_QUERY_STRING:%1___%2___%3]

In order to initiate logging, comment out the first rule, and uncomment the second, like so:


# RewriteRule .* - [F,L]
RewriteRule .* /7G_log.php?log [END,NE,E=7G_QUERY_STRING:%1___%2___%3]

Additionally, all of the newly enabled rules will need to be modified in order to work with OpenLiteSpeed.

OLS passes [REDIRECT_QUERY_STRING] => fullclick instead of  [REDIRECT_QUERY_STRING] => log, so the return ($check === 'log') ? true : false; in 7G_log.php will return false, and exit the script.

To avoid this, modify all of the logging rewrite rules so that they assign the variable to the rewrite. Add E=REDIRECT_QUERY_STRING:log to each of these rules, before the ending ], like so:


RewriteRule .* /7G_log.php?log [END,NE,E=7G_QUERY_STRING:%1___%2___%3,E=REDIRECT_QUERY_STRING:log]

NOTE: Even though the 7G variable name changes in each of these logging rewrite rules, you should always add the same OLS variable (E=REDIRECT_QUERY_STRING) to the rule.

Verify it’s Working

Visit ?fullclick or 0day.php on your domain (for example, https://example.com/?fullclick). The server should return a 403 Permission Denied error, and you should see a corresponding entry in 7G_log.txt. Like so:

1.2.3.4 - 2021/10/08 01:06:38 - GET - HTTP/1.1 - / - fullclick - - - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36