
05-25-2012, 04:47 PM
Senior Member
Join Date: Nov 2007
Posts: 61
webizen,
Why do I feel like I am talking in circles with you guys... read my posts above, I showed you many rules which none of them work... I have tried every single ruleset available on the internet. None of them work.
So why don't you as a company support your product and actually show us a ruleset that does work? Instead you keep avoiding the fact that you have never provided a ruleset to any one of your customers which actually works.
Why? Because they don't, otherwise you would provide that list in your documentation...
It shouldn't be me sending you all 100,000 rules that are available to show you that none of them work...
It should be you showing your paying customers what rules actually work.
None of the OWASP rules work... none!
Maybe just maybe a small amount of atomics rules work, but I have yet to figure out which ones... but the list of supported atomic rules is so small that you might as well not use it at all cause those couple rules out of 1000's that don't work is going to provide much protection at all.
So why don't you show your customers what rules actually do work and what you do support, because it is BS that you believe that your PAYING customers each by themselves should spend hundreds of hours writing out their own rulesets (if they have that knowledge) and testing through trial and error if those rulesets will even work.
And then once they get just a handful of rules that do work... the time was a waste because their limitations didn't allow them to load a ruleset that actually protects the system from any significant amount of attacks.
Search your own damn forums, there are literally 100's of customers who ask you to fix the mod security compatibility but yet you say things like "it's low priority, if there is more demand for it we might do it".
Why don't you remove mod security support and just tell people you don't support it, or get off your butts and provide a ruleset that will actually help protect systems from more than just a handful of attacks.
I asked you to support OWASP ruleset because it is very basic core ruleset and would be easy for you guys to make work, easier than atomic's ruleset would be, but you guys don't want to support any rulesets or provide any rulesets so
Yes it is confirmed you don't support mod security...

05-25-2012, 05:47 PM
Senior Member
Join Date: Nov 2007
Posts: 61
Some other threads of people wondering why the rulesets don't work, some gone unanswered. It's like you guys are avoiding mod security like the plague:
http://www.litespeedtech.com/support...ead.php?t=5203
http://www.litespeedtech.com/support...ead.php?t=2697
http://www.litespeedtech.com/support...ead.php?t=4727
Third-party forum:
https://www.atomicorp.com/forums/vie...hp?f=14&t=4222
Quoted from that link:

Quote:
As may already know, Litespeed does not use or support mod_security. It does not include it or use, rather they created their own undocumented WAF module that supposedly supports mod_security rules, but does not. It supports an undocumented subset of the mod_security rule language, and another subset (also undocumented) of modsecurity features and it also may not even work the same as modsecurity. Did I mention its undocumented?
With that said, understand the rules are not generating errors, litespeed WAF is creating the errors because it doesn't actually support modsecurity. If they documented their engine we could look at what rules might be possible for their webserver, but so far we and others have had no luck getting that information.

Even the first through 3rd page of this thread is full of people who can't get any rule sets to work:
http://www.litespeedtech.com/support...ead.php?t=4619
It is funny, here is a quote you guys wrote on your blog:
http://blog.litespeedtech.com/tag/LiteSpeed/

Quote:
Our enterprise users have requested this feature and as always, we listen to our customers.

Hmm, weird, I am an enterprise customer, doesn't seem like I am being listened to. Heck, it's even hard to get you guys to respond, which is why I am getting so frustrated.
All your customers want to see is: here, we support these rulesets, upload them to your server and restart litespeed....
Please provide rulesets or add support for OWASP if you don't want to maintain the rules.

05-28-2012, 03:33 AM
Senior Member
Join Date: Jul 2009
Posts: 55
I echo pretty much everything QuantumNet has said.
I've tried various rules using different methods and nothing appears to be working.
Why can't you guys just post a few examples of rules that you know to work to save everyone a lot of headache and trial and error?

07-17-2012, 09:32 PM
Member
Join Date: Sep 2011
Posts: 15
4.1.13 says "Improved compatibility of Apache mod_security."
Any further information on that? Searching the forums for mod_security is a bit disheartening as it seems the staff are avoiding the topic altogether.

01-03-2013, 06:16 AM
New Member
Join Date: Jan 2013
Posts: 4
Has there been any further update to this? Does anyone know if the gotroot or mod_security rules in general are any better supported? There has been a string of Litespeed releases now which claim to have improved mod_security support.

01-04-2013, 08:35 AM
LiteSpeed Staff
Join Date: May 2003
Location: New Jersey
Posts: 7,590
mod_security has been constantly adding new features as well as gotroot rulesets being updated, so do we to keep up with it.
The latest 4.2.1 build should work well with gotroot ruleset.

02-27-2013, 03:35 AM
New Member
Join Date: Feb 2013
Posts: 7
Hi,
I tried to add the following mod_security lines to my rules but they don't work with Litespeed (it's from CXS). If I switch to Apache, CXS is detecting infected files, but with Litespeed it didn't work. Could you please manage to get it working?
SecRequestBodyAccess On
SecRule FILES_TMPNAMES "@inspectFile /etc/cxs/cxscgi.sh" \
"log,auditlog,deny,severity:2,phase:2,t:none,id:'1010101'"
SecTmpDir /tmp

02-27-2013, 06:42 PM
LiteSpeed Staff
Join Date: Sep 2009
Posts: 2,226

03-04-2013, 05:09 PM
Member
Join Date: Apr 2011
Posts: 44
Quote:
Originally Posted by mistwang
mod_security has been constantly adding new features as well as gotroot rulesets being updated, so do we to keep up with it.
The latest 4.2.1 build should work well with gotroot ruleset.

I'm not so sure. Tried it with 4.2.1.
No matter what you tried to load, everything gave a 406:
Message: [client x.x.x.x] mod_security: Access denied with code 406, [Rule: '' ''] [severity "WARNING"] [MatchedString ""]
All times are GMT -7.