LiteSpeed Technologies
Download Download     Blog Blog     Wiki Wiki     Forum Forum     Store     Contact Contact    

Go Back   LiteSpeed Support Forums > LiteSpeed Web Server > Feedback/Feature Requests > Litespeed and CXS

Reply
 
Thread Tools Display Modes
  #1  
Old 02-04-2011, 03:10 AM
masood_y masood_y is offline
Senior Member
  
Join Date: Sep 2008
Posts: 121
Default Litespeed and CXS
What is CXS?
ConfigServer eXploit Scanner (cxs) is a new tool from us that performs active scanning of files as they are uploaded to the server. (MORE ...)

What is problem?
CXS unable to detect and quarantine expolites uploaded with web-scripts or cpanel file manager.

We called CXS support team and they said:
You are running Litespeed instead of Apache. We can provide no support for cxs script upload scanning with litespeed. If you were also having problems with cxs script upload scanning when running Apache without litespeed, please switch back to Apache and we can have a look then.

Is it posible to fix in feature version of Litspeed? Because CXS is very very important and useful script for detect, quarantine and suspend expolites and abuse files.
Reply With Quote
  #2  
Old 02-04-2011, 05:53 AM
NiteWave NiteWave is offline
LiteSpeed Staff
  
Join Date: Sep 2009
Posts: 2,226
search cxs on the forum can find a few other posts regarding cxs.

I'd summary here. it requires litespeed to support following mod_security rules:

SecUploadFileMode 0644
SecRule FILES_TMPNAMES "@inspectFile /etc/cxs/cxscgi.sh" \
"id:351000,rev:1,severity:2,msg:'Atomicorp.com Upload Malware Scanner:
Malicious File upload attempt detected and blocked',log,deny,auditlog,status:403,t:none"

SecRequestBodyAccess On
SecRule FILES_TMPNAMES "@inspectFile /etc/cxs/cxscgi.sh" \
"log,auditlog,deny,severity:2,id:'1010101'"

since we're investigating complete support for mod_security 2.5.x now, it's a good timing to bring up this issue here
Reply With Quote
  #3  
Old 02-04-2011, 09:28 AM
masood_y masood_y is offline
Senior Member
  
Join Date: Sep 2008
Posts: 121
Thank you for your reply.
I changed my mod_security to above setting, but CXS unable to detect with web-script too.
Reply With Quote
  #4  
Old 02-04-2011, 09:49 AM
mistwang mistwang is offline
LiteSpeed Staff
  
Join Date: May 2003
Location: New Jersey
Posts: 7,590
"@inspectFile" operator is not supported now.
Reply With Quote
  #5  
Old 02-04-2011, 10:04 AM
masood_y masood_y is offline
Senior Member
  
Join Date: Sep 2008
Posts: 121
Quote:
Originally Posted by mistwang View Post
"@inspectFile" operator is not supported now.
What is exact mod_security rules please?
Reply With Quote
  #6  
Old 02-04-2011, 11:24 AM
masood_y masood_y is offline
Senior Member
  
Join Date: Sep 2008
Posts: 121
Quote:
Originally Posted by masood_y View Post
What is exact mod_security rules please?
Help me please.
What is correct mod_security cxs rules for last installed litespeed?
Reply With Quote
  #7  
Old 02-05-2011, 03:15 AM
NiteWave NiteWave is offline
LiteSpeed Staff
  
Join Date: Sep 2009
Posts: 2,226
please refer this old thread:
http://www.litespeedtech.com/support...ad.php?p=21226
"use it via suhosin"
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -7. The time now is 07:43 PM.



- Archive - Top
© Copyright 2003-2011 LiteSpeed Technologies, Inc. All rights reserved. Privacy Policy.