[QuantumNet]

Some other threads of people wondering why the rulesets dont work: some gone un-answered its like you guys are avoiding mod security like the plague

http://www.litespeedtech.com/support...ead.php?t=5203

http://www.litespeedtech.com/support...ead.php?t=2697

http://www.litespeedtech.com/support...ead.php?t=4727


THird party forum:
https://www.atomicorp.com/forums/vie...hp?f=14&t=4222

Quoted from that link:

Quote:

As may already know, Litespeed does not use or support mod_security. It does not include it or use, rather they created their own undocumented WAF module module that supposedly supports mod_security rules, but does not. It supports an undocumented subset of the mod_security rule language, and another subset (also undocumented) of modsecurity features and it also may not even work the same as modsecurity. Did I mention its undocumented?

With that said, understand the rules are not generating errors, litespeed WAF is creating the errors because it doesnt actually support modsecurity. If they documented their engine we could look at what rules might be possible for their webserver, but so far we and others have had no luck getting that information.

Even the first through 3rd page of this thread is full of people who cant get any rule sets to work:

http://www.litespeedtech.com/support...ead.php?t=4619


It is funny here is a quote you guys wrote on your blog:
http://blog.litespeedtech.com/tag/LiteSpeed/

Quote:

Our enterprise users have requested this feature and as always, we listen to our customers.

hmm weird I am an enterprise customer doesn't seem like I am being listened to. Heck its even hard to get you guys to respond which is why I am getting so frustrated.

All your customers want to see, is here we support these rulesets upload them to your server and restart litespeed....

Please provide rulesets or add support for OWASP if you dont want to maintain the rules.