LiteSpeed Support Forums


anything 08-08-2011 02:31 AM

mod_security & ModSecurity Core Rule Set
 
I was investigating using some of the OWASP rules for mod_security but I've found that almost none of them are usable with LiteSpeed.
They appear to almost exclusively use SecRule TX:var style rules to create scores, and allow/deny based on the score, which LiteSpeed does not appear to support.
e.g.:
Code:

unknown server variable while parsing: TX:REAL_IP

Any plans to begin supporting the features required for at least the base rules of the "ModSecurity Core Rule Set"?

I also found that the following rule (which is part of the core rule set) causes LiteSpeed to crash and auto-restart for every request.
Code:

SecRule REQUEST_HEADERS:User-Agent "^(.*)$" "phase:1,id:'981217',t:none,pass,nolog,t:sha1,t:hexEncode,setvar:tx.ua_hash=%{matched_var}"

I'm testing on ent4.1.3.

Also, please add some documentation to inform people that the request filter config in LiteSpeed's control panel is for native sites only.
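
Added example, not part of the original post and not LiteSpeed or OWASP code: a small Python scanner that lists which rules in a ModSecurity rule file depend on the TX collection, the feature the post above reports as unsupported. It assumes TX usage is the only incompatibility worth flagging; the function names and the rules with ids 1000001 to 1000003 are constructed for illustration, and the last sample rule is the one quoted in the post.

```python
import re

# Constructed CRS-style sample; the final rule is the one quoted in the post.
SAMPLE_RULES = r'''
# direct deny, no TX involved
SecRule REQUEST_HEADERS:User-Agent "examplebot" \
    "phase:1,id:'1000001',t:lowercase,deny,status:403"
SecRule ARGS "@rx <script" \
    "phase:2,id:'1000002',pass,nolog,setvar:tx.anomaly_score=+5"
SecRule TX:ANOMALY_SCORE "@ge 5" "phase:2,id:'1000003',deny,status:403"
SecRule REQUEST_HEADERS:User-Agent "^(.*)$" "phase:1,id:'981217',t:none,pass,nolog,t:sha1,t:hexEncode,setvar:tx.ua_hash=%{matched_var}"
'''

def logical_lines(text):
    """Join backslash-continued lines, then drop blank and comment lines."""
    joined = re.sub(r'\\\r?\n\s*', ' ', text)
    lines = (line.strip() for line in joined.splitlines())
    return [line for line in lines if line and not line.startswith('#')]

def tx_usage(rule):
    """Return the sorted ways one SecRule touches the TX collection."""
    m = re.match(r'SecRule\s+(\S+)\s+(.*)$', rule, re.S)
    if not m:
        return []
    targets, rest = m.groups()
    found = set()
    # TX used as an inspected variable, e.g. TX:REAL_IP or &TX:FOO
    if any(re.match(r'[!&]?TX(:|$)', t, re.I) for t in targets.split('|')):
        found.add('target')
    # TX written by an action, e.g. setvar:tx.anomaly_score=+5
    if re.search(r"setvar:\s*'?!?tx\.", rest, re.I):
        found.add('setvar')
    # TX expanded in a macro, e.g. %{tx.0}
    if re.search(r'%\{tx\.', rest, re.I):
        found.add('macro')
    return sorted(found)

def scan(text):
    """Map rule id ('?' if absent) to TX usage, for rules that use TX."""
    report = {}
    for rule in logical_lines(text):
        hits = tx_usage(rule)
        if hits:
            rule_id = re.search(r"\bid:'?(\d+)", rule)
            report[rule_id.group(1) if rule_id else '?'] = hits
    return report

if __name__ == '__main__':
    for rule_id, hits in scan(SAMPLE_RULES).items():
        print(rule_id, ','.join(hits))
```

Rules missing from the report, such as the constructed 1000001, make their allow/deny decision without touching TX.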

QuantumNet 04-28-2012 03:02 PM

Still doesn't work on the latest LiteSpeed ... really thinking about switching to Apache 2.4

