mod_security support

#1
Over the weekend we purchased and installed LSWS 4.0.12 Enterprise. We had been running Apache 2 and had several mod_security exceptions set up. We had /opt/mod_security/whitelist.conf define these exceptions but when we switched to LSWS it appears that it is using mod_security (lots of things are showing up in the modsec_audit.log) but that the exceptions we made are no longer working. Its as if the whitelist is being ignored.

Can anyone explain how mod_security configuration is done with LSWS or if there is a better way to handle functions that mod_security is providing?

Thanks

Mark
 
#3
Sure. It is:

SecRule Request_URI /frontend/x3/fantastico/autoinstall[a-zA-Z0-9]+.php phase:1,nolog,allow,ctl:ruleRemoveByID=340067
SecRule SERVER_NAME "ourdomainnamehere" phase:1,nolog,pass,ctl:ruleRemoveByID=340151
SecRule SERVER_NAME "ourdomainnamehere" phase:1,nolog,pass,ctl:ruleRemoveByID=340163

I've replaced the domain name above as my client doesn't want the address exposed in public forums.

Thanks!

Mark
 
#6
Yes, I am seeing a LOT of mod_security rules failing with LiteSpeed. Is there any common thread so we can convert these to LiteSpeed friendly rules quickly? Process of elimination when you have thousands of rules is just not going to work.
 

brrr

Well-Known Member
#7
Thousands of mod_security rules...:eek:

Little wonder you are looking into Litespeed on your server to improve performance :)
 

mistwang

LiteSpeed Staff
#9
Yes, I am seeing a LOT of mod_security rules failing with LiteSpeed. Is there any common thread so we can convert these to LiteSpeed friendly rules quickly? Process of elimination when you have thousands of rules is just not going to work.
If you do not mind, please send your rule set to bug@litespeed..., and tell us how to reproduce the issue (URL trigger it), we will investigate and improve the compatibility.
 
Top