|
We pay for litespeed as a product, it is not free it is not open source it is paid monthly and it is expensive, more expensive than any other component of web hosting except for the physical server itself.
We expect litespeed to take security seriously especially since it is a paid product. It is sad that there is better security support in the opensource apache which is free.
I understand supporting Atomic's rulesets are a chore... they are a damn chore to figure out just using apache which they were developed for.
But OWASP's modsecurity core ruleset is basic and simple and litespeed should make the effort to support at least their core ruleset.
I understand that litespeed is closed source which makes this a chore for you guys to maintain as stuff changes with the rulesets but either come up with a way for OWASP to be compatible or come up with your own rulesets
we pay a hefty price for your product and we deserve to have better support than this... this is what you are telling your customers in a nutshell:
"We support mod_security! .... but we are not going to tell you what rulesets will actually help protect your system and you can spend hours upon hours trying to make your own and testing which ones will actually work because we dont really support mod_security we just say we do."
That is not the kind of attitude a paid product should support... you should get your product up to snuff to support the basic open standard rulesets that are out there... or provide your customers with a list of rulesets that actually work to protect their systems.
|