LiteSpeed Cache for XF2 - Community 2.3.0

[Michael A.]

@Michael A. does this work with the latest XF 2.2.3 Patch1 version? Is it safe to install now?


Thanks in advance!

Hello @El Porcharo ,

Not abandoned but not likely to get any big new features anytime soon. Based on rdn's report above we might have an issue with the newer "posting before registering" feature so I would say hold off until I get a chance to look into that proper (soon if I can manage to break away from some current projects for a bit).

Regards,
-Michael

 

[El Porcharo]

Thanks buddy, very kind reply


Take your time, no rush at all

 

[Michael A.]

Michael A. updated LiteSpeed Cache for XF2 - Community with a new update entry:

LiteSpeed Cache for XF2 Community - 2.2.3

[Bug Fix] Csrf validation is now bypassed for 'AddReply' and 'PostThread' guest actions to avoid security errors when performing these actions from a cached page. (Applies to XF 2.2 'write before registering' feature)

Read the rest of this update entry...

 

[Michael A.]

Hi,

Can you please add support for this XF 2.2.0 feature?

XF 2.2 - Writing before registering

Participation. It's the life blood of a forum, and once you have a group of dedicated members creating and discussing content, your forum will flourish. But there's a barrier to entry when it comes to participation. When a new visitor stumbles upon your forum from a search engine, they may read...

xenforo.com

Maybe a new cookie for visitors who have pending post submitted but not yet registered?
For now it's getting mixed up and saved on the cache and if someone visited a page that is already on the cache HIT with pending post, after they login it will be be posted as their post unfortunately.

Howdy @rdn ,

I ran through a few hours worth of tests on a clean XF2 installation with just the cache plugin installed and the 'write before registering' feature turned on and was unable to reproduce this behavior.

What I was able to figure out based on my digging is that the 'write before registering' feature works by storing a randomly generated guest_id along with the reply/post in the database. When the guest performs one of these actions they are immediately assigned a unique session cookie, similar to a logged in user, which is associated with that generated guest_id in the database. So at this point logging-in or registering with the session cookie present will then trigger the reply/thread post as that user.

So basically, the only way I could find for one user to post as another is if they are somehow assigned the same session cookie which should more or less never happen -- and never did happen during my testing. At this point I would probably recommend looking at other addons you might have installed that might change how user sessions are created and managed.

----------------

@El Porcharo , You should be good to go on trying out the addon -- I did not find any issues not addressed in today's v2.2.3 release.


Regards,
-Michael

 

[El Porcharo]

Thanks man! I'll try it out!

 

[El Porcharo]

Just finished installing it according to instructions.

I temporarily have locked the access to my XF by an htpasswd rule.

After adding the LScache code to htaccess and trying to access the board, it keeps asking me for the htpasswd credentials over and over. Instead, if I comment those htpasswd lines in htaccess I just get a blank page.

Not a big deal for the moment, I can do without it as the board will not be live 'till the end of the month (more or less), and since then users will need to be logged in for the next 3 months, as I want to be in a testing cycle before going public.

 

[rdn]

When the guest performs one of these actions they are immediately assigned a unique session cookie, similar to a logged in user, which is associated with that generated guest_id in the database.

You mean the xf_session cookie and it isn't stored on LS cache with the cached page?

 

[jb-net]

If I don't use the 'write before registering' feature can I stay on 2.2.2 or should I still upgrade to 2.2.3 for compatibility? Does the update reduce the caching in order to fix it or is the cache result still the same? Thanks!

 

[Michael A.]

You mean the xf_session cookie and it isn't stored on LS cache with the cached page?

Yes, the xf_session cookie. No this is not stored or in any way managed by lscache.

If I don't use the 'write before registering' feature can I stay on 2.2.2 or should I still upgrade to 2.2.3 for compatibility? Does the update reduce the caching in order to fix it or is the cache result still the same? Thanks!

Yes, if you do not plan on using that feature you can safely stay on 2.2.2 without issue.

 

[est3ban129]

I am using xenforo with xenporta and in the forum section I have the user session open, however when I enter the Xenporta section it is as if I am not logged in, the button to register appears and it looks as if I am a guest.
I can't click on the Log In button either, why is that?

I have this htaccess now

#    Mod_security can interfere with uploading of content such as attachments. If you
#    cannot attach files, remove the "#" from the lines below.
#<IfModule mod_security.c>
#    SecFilterEngine Off
#    SecFilterScanPOST Off
#</IfModule>

ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 405 default
ErrorDocument 406 default
ErrorDocument 500 default
ErrorDocument 501 default
ErrorDocument 503 default

<IfModule litespeed>
    CacheLookup public On
    RewriteEngine On
    RewriteBase /
    RewriteRule ^foro/.*$ / [R=301,L]

    Redirect 301 /guia index.php?threads/como-conseguir-productos-gratis-de-amazon.37877/
    Redirect 301 /normas index.php?threads/❗❗❗-normas-e-información-de-obligada-lectura-❗❗❗.6978/
    Redirect 301 /pedirpelis index.php?forums/petici%C3%B3n-de-pel%C3%ADculas.59/
    Redirect 301 /pedirseries index.php?forums/petici%C3%B3n-de-series.19/
    Redirect 301 /est3ban129 https://t.me/est3ban129
    Redirect 301 /sellerpanel index.php?ads-manager/packages/

    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -l [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^.*$ - [NC,L]
    RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
    RewriteRule ^.*$ index.php [NC,L]

    #    This line may be needed to enable WebDAV editing with PHP as a CGI.
    #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    # cache
    RewriteCond %{HTTP_COOKIE} !(xf_lscxf_logged_in|xf_user|xf_session_admin) [NC]
    RewriteCond %{REQUEST_URI} !/install/ [NC]
    RewriteRule .* - [E=Cache-Control:max-age=360,E="cache-vary:xf_style_id,xf_language_id"]
    # no cache
    RewriteCond %{HTTP_COOKIE} (xf_lscxf_logged_in|xf_user|xf_session_admin) [NC]
    RewriteRule .* - [E=Cache-Control:vary=loggedin,E=Cache-Control:no-cache]
</IfModule>

 

[est3ban129]

the problem is

    RewriteRule ^.*$ - [NC,L]

    RewriteRule ^.*$ index.php [NC,L]

if I remove these two lines, then the cache works fine, but the xenforo error pages don't work and the white Apache standard is displayed
Can anyone shed some light on this?

Thanks!

 

[Michael A.]

the problem is

    RewriteRule ^.*$ - [NC,L]

    RewriteRule ^.*$ index.php [NC,L]

if I remove these two lines, then the cache works fine, but the xenforo error pages don't work and the white Apache standard is displayed
Can anyone shed some light on this?

Thanks!

The L flag will inform the server to stop processing any rewrite rules after that line, which is likely why you are seeing a difference after removing them.

I would generally not recommend mixing your usual rewrite rules within the IfModule litespeed cache rules.

Try

#    Mod_security can interfere with uploading of content such as attachments. If you
#    cannot attach files, remove the "#" from the lines below.
#<IfModule mod_security.c>
#    SecFilterEngine Off
#    SecFilterScanPOST Off
#</IfModule>

ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 405 default
ErrorDocument 406 default
ErrorDocument 500 default
ErrorDocument 501 default
ErrorDocument 503 default

<IfModule litespeed>
    CacheLookup public On
    RewriteEngine On
    # cache
    RewriteCond %{HTTP_COOKIE} !(xf_lscxf_logged_in|xf_user|xf_session_admin) [NC]
    RewriteCond %{REQUEST_URI} !/install/ [NC]
    RewriteRule .* - [E=Cache-Control:max-age=360,E="cache-vary:xf_style_id,xf_language_id"]
    # no cache
    RewriteCond %{HTTP_COOKIE} (xf_lscxf_logged_in|xf_user|xf_session_admin) [NC]
    RewriteRule .* - [E=Cache-Control:vary=loggedin,E=Cache-Control:no-cache]
</IfModule>   
    
RewriteBase /
RewriteRule ^foro/.*$ / [R=301,L]

Redirect 301 /guia index.php?threads/como-conseguir-productos-gratis-de-amazon.37877/
Redirect 301 /normas index.php?threads/❗❗❗-normas-e-información-de-obligada-lectura-❗❗❗.6978/
Redirect 301 /pedirpelis index.php?forums/petici%C3%B3n-de-pel%C3%ADculas.59/
Redirect 301 /pedirseries index.php?forums/petici%C3%B3n-de-series.19/
Redirect 301 /est3ban129 https://t.me/est3ban129
Redirect 301 /sellerpanel index.php?ads-manager/packages/

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
RewriteRule ^.*$ index.php [NC,L]

#    This line may be needed to enable WebDAV editing with PHP as a CGI.
#RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

 

[est3ban129]

The L flag will inform the server to stop processing any rewrite rules after that line, which is likely why you are seeing a difference after removing them.

I would generally not recommend mixing your usual rewrite rules within the IfModule litespeed cache rules.

Try

#    Mod_security can interfere with uploading of content such as attachments. If you
#    cannot attach files, remove the "#" from the lines below.
#<IfModule mod_security.c>
#    SecFilterEngine Off
#    SecFilterScanPOST Off
#</IfModule>

ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 405 default
ErrorDocument 406 default
ErrorDocument 500 default
ErrorDocument 501 default
ErrorDocument 503 default

<IfModule litespeed>
    CacheLookup public On
    RewriteEngine On
    # cache
    RewriteCond %{HTTP_COOKIE} !(xf_lscxf_logged_in|xf_user|xf_session_admin) [NC]
    RewriteCond %{REQUEST_URI} !/install/ [NC]
    RewriteRule .* - [E=Cache-Control:max-age=360,E="cache-vary:xf_style_id,xf_language_id"]
    # no cache
    RewriteCond %{HTTP_COOKIE} (xf_lscxf_logged_in|xf_user|xf_session_admin) [NC]
    RewriteRule .* - [E=Cache-Control:vary=loggedin,E=Cache-Control:no-cache]
</IfModule>  
   
RewriteBase /
RewriteRule ^foro/.*$ / [R=301,L]

Redirect 301 /guia index.php?threads/como-conseguir-productos-gratis-de-amazon.37877/
Redirect 301 /normas index.php?threads/❗❗❗-normas-e-información-de-obligada-lectura-❗❗❗.6978/
Redirect 301 /pedirpelis index.php?forums/petici%C3%B3n-de-pel%C3%ADculas.59/
Redirect 301 /pedirseries index.php?forums/petici%C3%B3n-de-series.19/
Redirect 301 /est3ban129 https://t.me/est3ban129
Redirect 301 /sellerpanel index.php?ads-manager/packages/

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
RewriteRule ^.*$ index.php [NC,L]

#    This line may be needed to enable WebDAV editing with PHP as a CGI.
#RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

seems to work well, thank you very much

 

[Alpha1]

@Michael A. what are the installation instructions for NGINX? Considering that NGNIX has no .htaccess.
Where in the XF admin panel can we find the configuration?

 

[sHORTYWZ]

@Michael A. what are the installation instructions for NGINX? Considering that NGNIX has no .htaccess.
Where in the XF admin panel can we find the configuration?

This addon is for the LiteSpeed webserver, not NGINX.

 

[Alpha1]

@Michael A. would you recommend LSMCD for XF? Or just Memcached or Redis?
What are the benefits?

 

[Michael A.]

@Michael A. would you recommend LSMCD for XF? Or just Memcached or Redis?
What are the benefits?

I would say yes but I may be biased

LSMCD should be able to slot in anywhere Memcached is used so it would come down to preference. If I recall correctly we offer better performance than at least Memcached without needing a database backend along with options like high availability. Redis would also be a good option but I am less familiar with the differences between it and LSMCD.

We've got a product page for LSMCD here if you want to learn a bit more: https://litespeedtech.com/open-source/litespeed-memcached

 

[HybridBoy]

2.2.5 support?

 

[Michael A.]

2.2.5 support?

Should be yes. v2.2 in the "Compatible XF 2.x versions" list should cover all 2.2.x versions.

 

[Rhody]

It's working fine for me on 2.2.5