[markb1439]

To clarify, here is what gotroot says about LiteSpeed and mod_security:

Quote:

As may already know, Litespeed does not use or support mod_security. It does not include it or use, rather they created their own undocumented WAF module module that supposedly supports mod_security rules, but does not. It supports an undocumented subset of the mod_security rule language, and another subset (also undocumented) of modsecurity features and it also may not even work the same as modsecurity. Did I mention its undocumented?

Is this true? If so, this is very concerning because LiteSpeed is advertised as a completely Apache-compatible, drop-in replacement. However, if the comments above are true, LiteSpeed ignores an important, major part of Apache functionality. An omission such as this should be disclosed, IMHO.

Or am I missing something? I look forward to a definitive answer about LiteSpeed and mod_security (and security in general).

Thanks.