mod_security & ModSecurity Core Rule Set
I was investigating using some of the OWASP rules for mod_security but I've found that almost none of them are useable with litespeed.
They appear to almost exclusively use SecRule TX:var style rules to create scores, and allow/deny based on the score. Which litespeed does not appear to support.
I also found that the following rule (which is part of the core rule set) causes litespeed to crash and auto-restart for every request.
Also, please add some documentation to inform people that the request filter config in litespeed's control panel is for native sites only.
still doesnt work on the latest litespeed ... really thinking about switching to apache 2.4
|All times are GMT -7. The time now is 06:19 AM.|