LiteSpeed Technologies
Download Download     Blog Blog     Wiki Wiki     Forum Forum     Store     Contact Contact    

Go Back   LiteSpeed Support Forums > LiteSpeed Web Server > LSWS 4.1 Release > mod_security RESPONSE_BODY

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #11  
Old 03-29-2009, 06:07 AM
IrPr IrPr is offline
Senior Member
  
Join Date: Jul 2008
Posts: 147
Im totally agree with yolte

However it may decrease performances but its a trade off between security and performances
it can be disable by default and could be turned on with our own risk

Quote:
Originally Posted by yolte View Post
I think we have to protect customers web sites who doesn't have enough information about script security?
Can you give me examples which rules are protecting from php shells? (for ex: r57, c99)
c99 phpshells can be defected by some tricks because of using common GET args but r57 is more tricky and couldnt be defected without response body check
All phpshells based on malicious functions such exec, shell_exec, system, etc but we can catch local attackers with response body check

Hope be implemented in future
Last edited by IrPr; 03-29-2009 at 06:17 AM..
Reply With Quote
 

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Threaded Mode Threaded Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -7. The time now is 11:14 AM.



- Archive - Top
© Copyright 2003-2011 LiteSpeed Technologies, Inc. All rights reserved. Privacy Policy.