LiteSpeed Technologies

Go Back   LiteSpeed Support Forums > LiteSpeed Web Server > General > mod_security

 
 
  #11  
Old 02-03-2011, 11:01 AM
mikegotroot mikegotroot is offline
New Member
 
Join Date: Feb 2011
Posts: 7
Quote:
Are you talking about "chain" and "skip" actions? Those actions are supported currently.
There are LiteSpeed users loading getroot or some other modsec rule sets. Rules using regular expression matching do work. It does not break LiteSpeed.
Thank you for the reply. No, I'm talking about the ability to actually create branching logic using SecAction, Secskip, SecMarker and other methods. Example:

SecRule REQUEST_METHOD "@pm trace track connect post" \
"phase:1,t:none,t:lowercase,pass,nolog,skip:1"
SecAction phase:1,t:none,pass,nolog,skipAfter:END_FOO

SecRule REQUEST_METHOD "trac(?:e|k)" \
"phase:1,t:none,t:lowercase,id:340002,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: TRACE/TRACK method denied'"

# Rule 340361: deny CONNECT method
SecRule REQUEST_METHOD "connect" \
"t:none,t:lowercase,capture,phase:1,t:lowercase,id:340361,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: CONNECT method denied',logdata:'%{TX.0}'"

SecMarker END_FOO

Do you support that? And what about the transforms in 2.5.13, like escapeSeqDecode, removecomments, and others. I could go on, but you get the point. I couldn't find any documentation on your WAF module; if you could point me to it then I would know what you do support, and what 2.5.x logic won't work with your WAF module. As it stands right now, I get several reports a week that the current gotroot and OWASP rules don't work with your implementation. If you don't support all the features in 2.5.13, then that makes sense. Could you please tell me what features you do support?

Quote:
There are LiteSpeed users loading getroot or some other modsec rule sets. Rules using regular expression matching do work. It does not break LiteSpeed.
I'm a bit puzzled by this response. Do you support the whole rule language or not? If not, then rules won't work correctly (ModSecurity rules require a lot more than just regular expression matching). If your implementation is supposed to be a drop-in replacement I'm glad to hear that, so can you confirm that you support the whole 2.5.13+ rule language? And if not, what do you support?
Reply With Quote
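
To make the control flow of the rule fragment in the post above concrete, here is a small tracer, added as an example (it is not code from the post, from ModSecurity or from LiteSpeed), that parses those rules and reports which ones are evaluated and which match for a given request method. It models only `skip`, `skipAfter`, `SecMarker`, `@pm`, the default regex operator and `t:lowercase` within a single phase; the `honoured` parameter is a hypothetical knob for an engine that obeys only some flow actions and describes no real product.

```python
import re
import shlex

# Rule fragment from the post (wrapping and stray spaces repaired), one directive per line.
RULES = r'''
SecRule REQUEST_METHOD "@pm trace track connect post" "phase:1,t:none,t:lowercase,pass,nolog,skip:1"
SecAction phase:1,t:none,pass,nolog,skipAfter:END_FOO
SecRule REQUEST_METHOD "trac(?:e|k)" "phase:1,t:none,t:lowercase,id:340002,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: TRACE/TRACK method denied'"
SecRule REQUEST_METHOD "connect" "t:none,t:lowercase,capture,phase:1,t:lowercase,id:340361,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: CONNECT method denied',logdata:'%{TX.0}'"
SecMarker END_FOO
'''

def parse(text):
    """Join backslash continuations, drop comments, split each directive into fields."""
    rules = []
    lines = re.sub(r"\\[ \t]*\n", " ", text).splitlines()
    for tok in filter(None, (shlex.split(ln, comments=True) for ln in lines)):
        actions = "" if tok[0] == "SecMarker" else tok[-1]
        rules.append({"kind": tok[0], "op": tok[2] if tok[0] == "SecRule" else None,
                      "label": tok[1] if tok[0] == "SecMarker" else None, "lower": "t:lowercase" in actions,
                      "acts": dict(re.findall(r"(?:^|,)(skipAfter|skip|id):(\w+)", actions))})
    return rules

def fires(rule, method):
    """SecAction always fires; SecRule applies @pm or the default @rx operator."""
    if rule["kind"] == "SecAction":
        return True
    value = method.lower() if rule["lower"] else method
    if rule["op"].startswith("@pm "):  # @pm is a case-insensitive phrase match
        return any(p in value.lower() for p in rule["op"][4:].lower().split())
    return re.search(rule["op"], value) is not None

def trace(rules, method, honoured=("skip", "skipAfter")):
    """Return (rules evaluated, ids matched); honoured is a hypothetical set of obeyed flow actions."""
    seen, hits, i = [], [], 0
    while i < len(rules):
        rule, i = rules[i], i + 1
        if rule["kind"] == "SecMarker":
            continue
        seen.append(rule["acts"].get("id", rule["kind"]))
        if not fires(rule, method):
            continue
        hits += [rule["acts"]["id"]] if "id" in rule["acts"] else []
        if "skip" in rule["acts"] and "skip" in honoured:
            i += int(rule["acts"]["skip"])  # jump over the next N rules
        elif "skipAfter" in rule["acts"] and "skipAfter" in honoured:
            while i < len(rules) and rules[i]["label"] != rule["acts"]["skipAfter"]:
                i += 1  # advance to the named SecMarker (or end of list)
    return seen, hits
```

With the default `honoured`, `trace(parse(RULES), "GET")` stops after the SecAction and `"TRACE"` matches rule 340002. In this model, `honoured=("skipAfter",)` makes TRACE jump past rule 340002 without evaluating it, which is the kind of silent miss that partial flow-control support can cause.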
 



All times are GMT -7. The time now is 05:07 PM.



© Copyright 2003-2011 LiteSpeed Technologies, Inc. All rights reserved. Privacy Policy.