We have a new server up and running with Cent OS 5.2 and we are running ASL for security and our server keeps serving up 403 errors (and the end user see's the apache default web page) when people are inputting data on php input fields. Most of the errors show as XSS injection threats (which they are not).
If I disable litespeed and go back to apache the problems stop. I have also disabled several rules from mod_security and it helps sometimes. But we REALLY need to have this security in place on our server.
One another annoying issue is when bringing up hordemail it just gives us a blank page unless of course I turn off litespeed and enable apache.
Has any one figured out a way to deal with these mod_security issues with litespeed?
Litespeed tech was helping me with this problem but I think that there solution was to just disable the offending rules which just concerns me at this time.
Just change the version number in the download link to get it.
If the rewrite rule still bother you, please check the audit log and send us the corresponding security rules, or the whole security rule file.
Since the 4.0.4 update was posted I can confirm that I no longer have issues with horde giving me a blank login screen from Plesk. I am waiting to here from our members if this released corrected the other mod_security issues when using ASL.
Unfortunately even with 4.0.4 we are still experiencing quite a few apache default page problems with litespeed activated with ASL.
I was using a forum editor package today and it wouldn't even allow me to save the code to the database. It kept giving me the default apache page once I hit save.
There has got to be something you can do about this. Once again, if I turn off litespeed and go back to apache all of these default page problems disappear. Of course this is really not an option nor is disabling our security software.
Any other ideas from anyone or the staff here would be greatly appreciated.