LiteSpeed Support Forums - lsws 4.1.11 not support modsec rules?

LiteSpeed Support Forums (http://www.litespeedtech.com/support/forum/index.php)

- Bug Reports (http://www.litespeedtech.com/support/forum/forumdisplay.php?f=9)

- - lsws 4.1.11 not support modsec rules? (http://www.litespeedtech.com/support/forum/showthread.php?t=5773)

DraCoola

03-16-2012 01:45 AM

lsws 4.1.11 not support modsec rules?

I just wondering about why there so many modsec rules suddenly lost it functions while using litespeed.
I had test it with a very simple rule for an example :

Code:

SecRule REQUEST_URI "^/abc\.php$" "deny"

As above rule expected, Apache bring 406 error page to http://domain.com/abc.php access.
But unfortunatelly, litespeed will still give us totaly freedom to access http://domain.com/abc.php.

Is there any special way to write that just "REQUEST_URI denial" modsec rule with litespeed?

mistwang

03-16-2012 07:50 AM

does abc.php file exists? and the file need to be processed as a script.
LiteSpeed ignore mod_sec for static files.

DraCoola

03-16-2012 04:26 PM

yes abc.php is exist.
the file is php file which have active script inside it.

DraCoola

03-19-2012 02:17 AM

Superb!
Force update 4.1.11 will fixed this modsec compatibily.
Thank you, George!

All times are GMT -7. The time now is 08:36 PM.