LSWS 4.2.2 VS mod_security

[DraCoola]

Latest 4.2.2 build won't block with this simple rule :

####
SecRule REQUEST_URI "/any-folder/.+/filename.\php" "id:20202020,rev:1,severity:2,msg:'must be denied',deny" \
####

Performing /usr/local/lsws/admin/misc/lsup.sh -f -v 4.2.1 and then the rule above did block filename.php as it should be.



Please fix it

[DraCoola]

any help from anybody?

[NiteWave]

Hi, it has been fixed. will be in next build.

Thanks for your reporting.

[DraCoola]

Hi NiteWave,

Thank you, I will waiting so much for that next build.
By the way :

-----------------
lsphp5:/home/username/andsoon
-----------------

will be more neat than :

-----------------
/usr/local/lsws/fcgi-bin/lsphp5:/home/username/andsoon
-----------------

that you are using now on 4.2.2, while running top -c in ssh

[DraCoola]

any update yet?
because using 4.2.1 with Atomic rule set makes lsws restart oftenly

[mistwang]

new build has been uploaded. you can do a force reinstall see if work better this time.

[DraCoola]

thank you very much, George.
it work flawlessly now

[DraCoola]

by the way I hope next build of lsws will revert back to neat old fashion of lsws processing as bellow :





because newest build showing too long line of process :

[mistwang]

You can download the upcoming PHP LSAPI 6.2 http://www.litespeedtech.com/package...espeed-6.2.tgz, apply it to php-xxx/sapi/litespeed, make, copy to lsws/fcgi-bin/, to get what you want.

[brrr]

After several years of running the same rules on LSWS Standard without any problem all the way up to 4.2.1, I just upgraded to 4.2.2 and now see a lot of this:

2013-03-23 13:26:04.114 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.114 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.114 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.114 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.114 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.114 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.114 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.114 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.114 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.114 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.114 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.114 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.114 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.114 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.114 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.114 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.114 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.114 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.114 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.114 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.115 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.115 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.115 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.115 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.115 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.115 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.115 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.115 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.115 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.115 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.115 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.115 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.115 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.115 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.115 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.115 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.115 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.115 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.115 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.115 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.115 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT

The rules are simple ones that looks like this:

Quote:

SecFilterSelective HEADER_USER_AGENT ^Morfeus

or

Quote:

SecFilterSelective HEADER_USER_AGENT "Toata"

And the action is:

Quote:

log,deny,status:404,msg:'Badbot blocked'

Why do these rules break now?