08-08-2011, 02:31 AM
|
|
Member
|
|
Join Date: Jun 2010
Posts: 40
|
|
mod_security & ModSecurity Core Rule Set
I was investigating using some of the OWASP rules for mod_security but I've found that almost none of them are useable with litespeed.
They appear to almost exclusively use SecRule TX:var style rules to create scores, and allow/deny based on the score. Which litespeed does not appear to support.
eg:
Code:
unknown server variable while parsing: TX:REAL_IP
Any plans to begin supporting the features required for at least the base rules of the "ModSecurity Core Rule Set"?
I also found that the following rule (which is part of the core rule set) causes litespeed to crash and auto-restart for every request.
Code:
SecRule REQUEST_HEADERS:User-Agent "^(.*)$" "phase:1,id:'981217',t:none,pass,nolog,t:sha1,t:hexEncode,setvar:tx.ua_hash=%{matched_var}"
I'm testing on ent4.1.3.
Also, please add some documentation to inform people that the request filter config in litespeed's control panel is for native sites only.
|
Linear Mode
