|
|
01-21-2012, 07:58 PM
|
|
Member
|
|
Join Date: Jan 2012
Posts: 10
|
|
Request Filters
Hi there. I could use some help getting LiteSpeed Request Filters figured out please. I'm attaching some screenshots to show my current configuration. Problem: With the configuration you see in the screenshots, LiteSpeed is not "passing" on either of the two Request Filter Rule Sets that I've got, can you please explain why? Both the Rules are being denied, but I only want them to be logged, and then pass through silent, allowing access (this is just a test so I can understand how things work).
My Default Action is: log,deny,status:403
Each Rule Set has the Action: msg:"[message]",pass
I guess I'm not understanding something? After reading the documentation on mod_security, I thought that a Disruptive Action of "pass" in the Rule Set, would override that of the Default Action, which is "deny". Is that not correct?
|
01-22-2012, 09:27 PM
|
|
LiteSpeed Staff
|
|
Join Date: Sep 2009
Posts: 2,220
|
|
Quote:
|
I thought that a Disruptive Action of "pass" in the Rule Set, would override that of the Default Action, which is "deny". Is that not correct?
|
I did local test, the result is : yes, should override.
the attached picture is not clear. |
01-22-2012, 11:34 PM
|
|
Member
|
|
Join Date: Jan 2012
Posts: 10
|
|
re: Request Filters
Thanks. Here are better screenshots.
http://img16.imageshack.us/img16/8712/snag0039.png
http://img827.imageshack.us/img827/5732/snag0038.png
Quote:
|
I did local test, the result is : yes, should override.
|
Sorry, does that mean that my assumption is correct then? My rules SHOULD be passing, instead of triggering a 403 status and denying the request?
What is happening is that these rules which are configured to "pass" are still being denied with a 403 status. I'm not sure if I have something configured incorrectly, or I'm missing something, or if it's a bug. Any help is appreciated. Thank you so much!
|
01-22-2012, 11:50 PM
|
|
LiteSpeed Staff
|
|
Join Date: Sep 2009
Posts: 2,220
|
|
still can't view the image.
Quote:
|
My rules SHOULD be passing
|
right
|
01-23-2012, 12:47 PM
|
|
LiteSpeed Staff
|
|
Join Date: Oct 2010
Posts: 2,337
|
|
Quote:
Originally Posted by JasonWSInc
Thank you. I'll test again just to be sure.
...
|
You should enable audit logging to troubleshoot.
Last edited by webizen; 01-23-2012 at 12:55 PM..
|
01-23-2012, 12:48 PM
|
|
Member
|
|
Join Date: Jan 2012
Posts: 10
|
|
re: Request Filters
Audit logging is enabled, as seen in the screenshots I attached. That's how I know it's not working as expected. These rules are being triggered even though they're suppose to pass.
|
01-23-2012, 01:00 PM
|
|
Member
|
|
Join Date: Jan 2012
Posts: 10
|
|
re: Request Filters
I'm running Litespeed Web Server Enterprise v4.1.10 with FireHost on Ubuntu 64-bit.
|
01-23-2012, 02:16 PM
|
|
LiteSpeed Staff
|
|
Join Date: Oct 2010
Posts: 2,337
|
|
Quote:
Originally Posted by JasonWSInc
Audit logging is enabled, as seen in the screenshots I attached. That's how I know it's not working as expected. These rules are being triggered even though they're suppose to pass.
|
Sorry for the confusion. Yes, you may put 'log,' in the override rule to update audit log.
tested on ubuntu 11.10 64bit env in our lab. override rules are in effect: when 'pass' is used, no blockage.
btw, are you using lsws native vhost or you have apache vhost in httpd.conf? |
01-24-2012, 01:26 PM
|
|
Member
|
|
Join Date: Jan 2012
Posts: 10
|
|
re: Request Filters
I'm running with native vhost configuration, no Apache configuration file. Everything I've done so far is through the web console for LiteSpeed.
I'll test this again tonite and see if I can find out more. Until then, if you have any other ideas, please let me know.
|
| Thread Tools |
|
|
| Display Modes |
 Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -7. The time now is 02:29 AM.
|
|
