Search results

Hi, I have installed LiteSpeed on a shared web hosting server. The problem is that a normal refresh on a LiteSpeed powered site will not redownload all the components of that web page so if for example I refresh a html page it will not also refresh the CSS files associated with (linked to) the...

Well I located the per vhost include file: Include "/usr/local/apache/conf/userdata/std/2/account/*.conf" So I included in /usr/local/apache/conf/userdata/std/2/account/modsec.conf (the file was already there) the line: SecRule REQUEST_METHOD "POST"...

You mean inside httpd.conf? Do I simply take the rule and put it like that inside the vhost block in httpd.conf?

I don't want to change the config at vhost level. I just want to restrict a rule to a certain vhost. I tried this in modsec2.user.conf but it doesn't trigger (it doesn't log anything): SecAuditLogParts "ABCFHZ" ... <VirtualHost domain.com> SecRule REQUEST_METHOD "POST"...

Great, thanks. It seems to work. What about <VirtualHost>? Can I use it to limit POST payload loading to only a single Host on a shared server? Or can you suggest some other way to limit POST payload logging to a specific vhost? Thanks!

Hi, I looked it up in modsec_audit.log but it's missing part "C". Look: --281e42a8-A-- [13/Oct/2015:15:52:26 +0300] - 54.147.159.154 33082 xxx.yyy.zzz.ttt:80 80 --281e42a8-B-- POST / HTTP/1.1 Host: domain.com Content-Length: 27 User-Agent: runscope/0.1 Accept: */* Accept-Encoding: gzip...

Hi, I have this rule in modsec2.user.conf meant to log POST payload for a specific domain.com: <VirtualHost domain.com> SecRule REQUEST_METHOD "POST" "phase:2,log,id:22222223" </VirtualHost> But it's not logging anything. Does LiteSpeed support VirtualHost? Thanks!

The target is a SecRule and I believe 1.234.123.450 falls inside a 32bit integer scope.

But the skipAfter target exists.

Hi, I was wondering if LiteSpeed should have any issue with this kind of mod_security directive: SecAction phase:2,pass,nolog,skipAfter:1234123450,id:1234123411 My problem is that the rule list stops being processed at any such line. I didn't know why mod_security is not working on our...

Hello, As some may know already, Chrome ver 44 is braking quite a few WP sites by enforcing HTTPS even on sites not using SSL. A solution that is working on apache is placing this directive in .htaccess: RequestHeader unset HTTPS But on LS 5.0.3 it doesn't seem to work. Any idea why is that...

Well...like any shared hosting server...it has static sites, it has WPs, it has Joomlas, it has Magentos...it's got everything you can imagine except IRC and games. Regards!

Hi, Thanks! But...what about my question? Is it advisable to enable LS Cache on a shared cPanel server with hundreds of sites? Regards!

Hi, Is it advisable and possible to setup the LS Cache for an entire shared cPanel server or it must be enabled only for certain paths? I mainly refer to this warning from the Wiki: "It is worth noting that the cache function SHOULD ONLY be used for the pages that are supposed to be cached...