LiteSpeed Technologies
Download Download     Blog Blog     Wiki Wiki     Forum Forum     Store     Contact Contact    

Go Back   LiteSpeed Support Forums > LiteSpeed Web Server > General > mod_sec SCRIPT_BASENAME not working?

Reply
 
Thread Tools Display Modes
  #1  
Old 03-08-2012, 08:37 AM
optize optize is offline
Senior Member
  
Join Date: Feb 2010
Posts: 121
Default mod_sec SCRIPT_BASENAME not working?
I have a simple mod_sec rule to block spam.html:

SecRule SCRIPT_BASENAME "spam\.html" "t:none,deny"

This works fine in Apache, however it doesn't trigger on Litespeed.

Is this a known issue?
Reply With Quote
  #2  
Old 03-08-2012, 03:04 PM
webizen webizen is offline
LiteSpeed Staff
  
Join Date: Oct 2010
Posts: 2,337
litespeed skips modsec rules for static file like *.html as it would not cause any real issue. so it is by design not an overlook or bug.
Reply With Quote
  #3  
Old 03-08-2012, 03:05 PM
optize optize is offline
Senior Member
  
Join Date: Feb 2010
Posts: 121
Quote:
Originally Posted by webizen View Post
litespeed skips modsec rules for static file like *.html as it would not cause any real issue. so it is by design not an overlook or bug.
Is there a way to turn it on? I need mod_sec to work on all file types.
Reply With Quote
  #4  
Old 03-08-2012, 04:00 PM
webizen webizen is offline
LiteSpeed Staff
  
Join Date: Oct 2010
Posts: 2,337
use workaround like followings:

Quote:
<Files ~ "spam.html">
Order allow,deny
Deny from all

Satisfy All
</Files>

<FilesMatch "\.php">
Order allow,deny
Deny from all

Satisfy All
</FilesMatch>
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -7. The time now is 09:37 PM.



- Archive - Top
© Copyright 2003-2011 LiteSpeed Technologies, Inc. All rights reserved. Privacy Policy.