View Full Version : mod_security support


mferguson
02-14-2010, 01:08 PM
Over the weekend we purchased and installed LSWS 4.0.12 Enterprise. We had been running Apache 2 and had several mod_security exceptions set up. We had /opt/mod_security/whitelist.conf define these exceptions, but when we switched to LSWS it appears that it is using mod_security (lots of things are showing up in the modsec_audit.log) but that the exceptions we made are no longer working. It's as if the whitelist is being ignored.

Can anyone explain how mod_security configuration is done with LSWS or if there is a better way to handle functions that mod_security is providing?

Thanks

Mark

mistwang
02-15-2010, 12:00 PM
Can you post the whitelist.conf?

mferguson
02-15-2010, 12:12 PM
Sure. It is:

SecRule Request_URI /frontend/x3/fantastico/autoinstall[a-zA-Z0-9]+.php phase:1,nolog,allow,ctl:ruleRemoveByID=340067
SecRule SERVER_NAME "ourdomainnamehere" phase:1,nolog,pass,ctl:ruleRemoveByID=340151
SecRule SERVER_NAME "ourdomainnamehere" phase:1,nolog,pass,ctl:ruleRemoveByID=340163

I've replaced the domain name above as my client doesn't want the address exposed in public forums.

Thanks!

Mark

mistwang
02-18-2010, 10:11 AM
ruleRemoveByID is not supported yet, so, the only option with LiteSpeed is to comment out those unwanted rules.
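
An added example, not part of the original thread and not LiteSpeed or gotroot code: one way to apply the "comment out those unwanted rules" workaround is to collect the ids named in the whitelist's ctl:ruleRemoveByID actions and comment out the matching rules, including continuation lines and chained followers. The RULES sample and id 390000 are constructed. Unlike the whitelist, which scoped each exception to a URI or server name, this disables the rules for every request.

```python
import re

CTL_RE = re.compile(r"ctl:ruleRemoveById=(\d+)", re.IGNORECASE)
ID_RE = re.compile(r"\bid:'?(\d+)", re.IGNORECASE)
CHAIN_RE = re.compile(r"[\",]\s*chain\s*(?:[\",]|$)", re.IGNORECASE)

def exception_ids(whitelist_text):
    """Rule ids the whitelist switches off through ctl:ruleRemoveById."""
    return {int(n) for n in CTL_RE.findall(whitelist_text)}

def directives(text):
    """Yield each directive as its physical lines (backslash continuations kept together)."""
    block = []
    for line in text.splitlines():
        block.append(line)
        if not line.rstrip().endswith("\\"):
            yield block
            block = []
    if block:
        yield block

def comment_out(rules_text, ids):
    """Comment out rules whose id is in ids, plus the chained rules that follow them."""
    out, disabled, in_chain = [], set(), False
    for block in directives(rules_text):
        joined = " ".join(l.rstrip("\\ ") for l in block).strip()
        is_rule = joined.startswith(("SecRule", "SecAction"))
        m = ID_RE.search(joined) if is_rule else None
        if is_rule and (in_chain or (m and int(m.group(1)) in ids)):
            if m:
                disabled.add(int(m.group(1)))
            out += ["#" + l for l in block]
            in_chain = bool(CHAIN_RE.search(joined))  # follower rules carry no id
        else:
            out += block
    return "\n".join(out) + "\n", disabled

# Whitelist lines as posted in the thread (domain already redacted by the poster).
WHITELIST = """\
SecRule Request_URI /frontend/x3/fantastico/autoinstall[a-zA-Z0-9]+.php phase:1,nolog,allow,ctl:ruleRemoveByID=340067
SecRule SERVER_NAME "ourdomainnamehere" phase:1,nolog,pass,ctl:ruleRemoveByID=340151
SecRule SERVER_NAME "ourdomainnamehere" phase:1,nolog,pass,ctl:ruleRemoveByID=340163
"""
# Constructed stand-in rules: only the ids come from the thread, the patterns are invented.
RULES = '''\
SecRule REQUEST_URI "example-a" "phase:2,deny,id:340067"
SecRule ARGS "example-b" \\
    "phase:2,deny,chain,id:340151"
SecRule REQUEST_METHOD "POST"
SecRule ARGS "example-c" "phase:2,deny,id:390000"
'''
```

Ids returned by exception_ids() but absent from the disabled set (340163 with this sample) were not found in the scanned file and still need to be located.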

mferguson
02-18-2010, 04:13 PM
What rules are supported? For now I've had to disable all our rules since they were using ruleRemoveByID.

Thanks

Mark

UWH-David
06-12-2010, 07:45 PM
Yes, I am seeing a LOT of mod_security rules failing with LiteSpeed. Is there any common thread so we can convert these to LiteSpeed friendly rules quickly? Process of elimination when you have thousands of rules is just not going to work.

brrr
06-13-2010, 02:13 AM
Thousands of mod_security rules...:eek:

Little wonder you are looking into Litespeed on your server to improve performance :)

UWH-David
06-13-2010, 11:05 AM
Even disabled, suPHP is not very quick.


mistwang
06-13-2010, 08:41 PM
If you do not mind, please send your rule set to bug@litespeed..., and tell us how to reproduce the issue (the URL that triggers it); we will investigate and improve the compatibility.

UWH-David
06-14-2010, 12:48 PM
The majority of our rules are seeded from the gotroot modsec rule subscription:
http://www.gotroot.com/mod_security+rules



UWH-David
06-14-2010, 05:22 PM
What would be the most useful is if the log listed the ID of the mod_security rule which it is having trouble with.


UWH-David
06-16-2010, 10:44 AM
Is this thread true?

https://www.atomicorp.com/forums/viewtopic.php?f=14&t=4222