LiteSpeed Technologies
Download Download     Blog Blog     Wiki Wiki     Forum Forum     Store     Contact Contact    

Go Back   LiteSpeed Support Forums > External Applications > Apache Migration/Compatibility > mod_security question

Reply
 
Thread Tools Display Modes
  #1  
Old 07-31-2007, 10:04 AM
ffeingol ffeingol is offline
Senior Member
  
Join Date: Jul 2007
Location: /dev/null
Posts: 290
Default mod_security question
OK, we're running an Enterprise version of LSWS on a VPS with cPanel. We have mod_security setup. For now we have just 1 rule for testing:

SecFilter "testit"

.shtml pages are being proxied to Apache.

If we browse http://www.mydomain.com/blah.shtml?testit then Apache blocks the request with a 406 (our error code set in the conf) and mod_security works properly. If we browse to http://www.mydomain.com/blah.php?testit LSWS serves up the page. I though LSWS should be reading the mod_security rules and applying them?

TIA,

Frank
Reply With Quote
  #2  
Old 07-31-2007, 10:50 AM
mistwang mistwang is offline
LiteSpeed Staff
  
Join Date: May 2003
Location: New Jersey
Posts: 7,590
How this rule was configured? in httpd.conf? which section of httpd.conf? or in LiteSpeed web console?
Can you please try the rule in another format?

SecFilterSelective "ARGS" "testit"

should have the same effect as yours, I just want to make sure it is not a bug with "SecFilter" directive.
Reply With Quote
  #3  
Old 07-31-2007, 10:59 AM
ffeingol ffeingol is offline
Senior Member
  
Join Date: Jul 2007
Location: /dev/null
Posts: 290
Hello,

Yes, it's in httpd.conf. It's configured in the "default" cPanel config (if you use mod_security installed via cPanel).

Code:
AddModule mod_security.c
Include "/usr/local/apache/conf/modsec.conf"
and then /usr/local/apache/conf/modsec.conf has:

Code:
<IfModule mod_security.c>
SecFilterEngine On
SecFilterCheckURLEncoding On
SecFilterForceByteRange 0 255
SecAuditEngine RelevantOnly
SecAuditLog logs/audit_log
SecFilterDebugLog logs/modsec_debug_log
SecFilterDebugLevel 0
SecFilterDefaultAction "deny,log,status:406"
SecFilterSelective REMOTE_ADDR "^127.0.0.1$" nolog,allow
Include "/usr/local/apache/conf/modsec.user.conf"
</IfModule>
and then finally modsec.user.conf

Code:
#SecFilter "testit"
SecFilterSelective "ARGS" "testit"
The results are the same for either form of the rule. The apache proxy works, LSWS does not.

Frank
Reply With Quote
  #4  
Old 07-31-2007, 12:00 PM
mistwang mistwang is offline
LiteSpeed Staff
  
Join Date: May 2003
Location: New Jersey
Posts: 7,590
It turns out to be a bug parsing query string with only one variable name, if there are other request variable or has a value, it will be caught.

The fix is in our 3.2.1 build, can you download and give it a try.
Reply With Quote
  #5  
Old 07-31-2007, 12:08 PM
ffeingol ffeingol is offline
Senior Member
  
Join Date: Jul 2007
Location: /dev/null
Posts: 290
Where/how do I download 3.2.1? The download pages looks like it only has 3.2.

TIA,

Frank
Reply With Quote
  #6  
Old 07-31-2007, 12:13 PM
mistwang mistwang is offline
LiteSpeed Staff
  
Join Date: May 2003
Location: New Jersey
Posts: 7,590
Just change the version number to 3.2.1 in the download link
Reply With Quote
  #7  
Old 07-31-2007, 08:03 PM
ffeingol ffeingol is offline
Senior Member
  
Join Date: Jul 2007
Location: /dev/null
Posts: 290
Thanks much. That fixed the issue.

Frank
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -7. The time now is 06:08 AM.



- Archive - Top
© Copyright 2003-2011 LiteSpeed Technologies, Inc. All rights reserved. Privacy Policy.