Request Filtering

LiteSpeed's request filter is equivalent to that in Apache's mod_security. There are two separate rule systems. Rules configured from the WebAdmin console only work for virtual hosts configured via the WebAdmin console in native xml. For virtual hosts configured through Apache httpd.conf, you need to configure mod_security rules through httpd.conf, just like you would with Apache.

Table of Contents

Request Filter

Enable Request Filtering | Log Level | Default Action | Scan Request Body | Disable .htaccess Override | Enable Security Audit Log | Security Audit Log | 

Request Filtering Rule Set

Name | Rule Set Action | Enabled | Rules Definition | 

Enable Request FilteringGo to top
Description: Specifies whether to enable request content deep inspection. This feature is equivalent to Apache's mod_security, which can be used to detect and block requests with ill intention by matching them to known signatures.
Syntax: Select from radio box
Log LevelGo to top
Description: Specifies the level of detail of the request filtering engine's debug output. This value ranges from 0 - 9. 0 disables logging. 9 produces the most detailed log. The the server and virtual host's error log Log Level must be set to at least INFO for this option to take effect. This is useful when testing your request filtering rules.
Syntax: Integer number
See Also: Server Log Level, Virtual Host Log Level
Default ActionGo to top
Description: Specifies the default actions that should be taken when a censoring rule is met. Default value is deny,log,status:403, which means to deny access with status code 403 and log the incident in the error log.
Syntax: String. This action string is compatible with the syntax of Apache mod_security. Please refer to the mod_security manual for more detail.
EXAMPLE: END_EXAMPLE
TIPS: END_TIPS
See Also: Rule Set Action
Scan Request BodyGo to top
Description: Specifies whether to check the body of a HTTP POST request. Default is "No".
Syntax: Select from radio box
Disable .htaccess OverrideGo to top
Description: Specifies whether to disable .htaccess override. This is a global setting, only available at the server level. Default is "No".
Syntax: Select from radio box
Enable Security Audit LogGo to top
Description: Specifies whether to enable audit logging. This feature is equivalent to Apache's mod_security audit engine. If it is enabled and Security Audit Log is set, detailed request information will be saved.
Syntax: Select from radio box
See Also: Security Audit Log
Security Audit LogGo to top
Description: Specifies the path of the security audit log, which gives more detailed information. This extra information can be useful if, for example, you wish to track the actions of a particular user. Use Enable Security Audit Log to turn on the logging.
Syntax: File name which can be an absolute path or relative to $SERVER_ROOT.
See Also: Enable Security Audit Log
Request Filtering Rule SetGo to top
Description: Rules configured here only work for virtual hosts configured with a native LSWS configuration, not for virtual hosts using Apache httpd.conf.
NameGo to top
Description: Give a group of censorship rules a name. For display only.
Syntax: String
Rule Set ActionGo to top
Description: Specifies the actions that should be taken when a censoring rule in current ruleset is met. If not set, Default Action will be used.
Syntax: String. This action string uses the same syntax as directive SecDefaultAction in Apache mod_security, please refer to the mod_security manual for more details.
EnabledGo to top
Description: Specifies whether to enable this rule set. With this option, a rule set can be quickly turned on and off without adding or removing the rule set. Default is "Yes".
Syntax: Select from radio box
Rules DefinitionGo to top
Description: Specifies a list of censorship rules.

If you are using an Apache config file, you have to set up rules in httpd.conf. Rules defined here will have no effect.
Syntax: String. Syntax of censoring rules follows that of Apache's mod_security directives. "SecFilter", "SecFilterSelective", and "SecRule" can be used here. You can copy and paste security rules from an Apache configuration file.

For more details about rule syntax, please refer to the Mod Security documentation.
Tips: Rules configured here only work for vhosts configured in native LSWS configuration, not for vhosts from Apache httpd.conf.

STAY CONNECTED