.htaccess | modsecurity rules work on one vhost but no another
have litespeed v4.1.13
I have 2 vhosts, e.g. works.com and doesntwork.com
The same identical modsecurity rule works on one vhost but not the other
e.g. in the works.com vhost I have
SecFilterSelective "REMOTE_ADDR" "^5\.5\.5\.5$"
as expected, when I visit my site from my IP, I get blocked
The same exact rule doesn't work in the doesntwork.com vhost... e.g. i go to the 2nd vhost site and don't get blocked
Here is what is really odd though... other features of the doesntwork.com vhost are working fine, e.g. URL rewrites, htaccess password authorization... it's only modsecurity for which rules seem to be ignored in the doesntwork.com vhost
in looking through the settings in the litespeed webui, both vhosts seem to have identical settings..
I have tried gracefully restarting the webserver but no luck.
is this a known bug / issue? please advise regarding next steps to troubleshoot
Due to the relatively high cost of checking against mod_security rules for each every request, LiteSpeed selectively skips mod_sec for static files. if you check the web site against a dynamic page (PHP page), it should work.
|All times are GMT -7. The time now is 08:40 PM.|