A list of tested mod_security rulesets

Discussion in 'Feedback/Feature Requests' started by Monarobase, Feb 24, 2013.

  1. NiteWave

    NiteWave Administrator

    I think there is no difference between 4.2.8 and the previous version regarding this rule.
    Change
    Code:
    <LocationMatch /wp-login.php>
    to
    Code:
    <LocationMatch ".*/wp-login.php">
    should resolve
    Code:
    If my wordpress site is www.test.com/wp (or any subdirectory) the rule doesn't work
  2. bettinz

    bettinz Member

    I don't know if it's a problem on my system, but the rule doesn't work on a subdirectory with
    Code:
    <LocationMatch ".*/wp-login.php">
    
    :(
  3. NiteWave

    NiteWave Administrator

    Put the following in httpd.conf
    Code:
    <LocationMatch ".*/wp-login.php">
    Order deny,allow
    Deny from all
    </LocationMatch>
    I ran tests
    /abc/wp-login.php
    /wp-login.php
    /xxx/wp-login.php/yyy
    ...
    All of the above received "403 Forbidden" as expected, under both Apache and LiteSpeed.

    Of course, this only tests LocationMatch, not the mod_security rule.
    Can you disable the mod_security rule temporarily and run the above tests on LocationMatch first?
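
An added example, not posted by anyone in this thread: an offline check of which request paths each `LocationMatch` pattern from the posts above would deny, including what the unescaped dot lets through. It assumes unanchored substring matching against the URL path, as Apache documents for `LocationMatch`, and uses Python's `re` as a stand-in for the server's regex engine; the escaped pattern and the paths marked constructed are not from the thread, and LiteSpeed's matching is not modelled.

```python
import re
from urllib.parse import urlsplit

# Patterns quoted in the thread, plus one constructed variant with the dot escaped.
PATTERNS = {
    "original": r"/wp-login.php",
    "suggested": r".*/wp-login.php",
    "escaped (constructed)": r"/wp-login\.php",
}

# The three paths from the test in post 3, plus constructed edge cases.
SAMPLE_PATHS = [
    "/abc/wp-login.php",
    "/wp-login.php",
    "/xxx/wp-login.php/yyy",
    "/wp/wp-login.php?action=register",  # constructed: query string present
    "/wp-loginXphp",                     # constructed: probes the unescaped dot
    "/index.php",                        # constructed: must stay reachable
]


def is_denied(pattern, url):
    """True if an unanchored regex search of the URL path matches."""
    path = urlsplit(url).path  # the query string is not part of the matched path
    return re.search(pattern, path) is not None


def denied_paths(pattern, urls=SAMPLE_PATHS):
    """All sample URLs that the pattern would deny."""
    return [u for u in urls if is_denied(pattern, u)]


def differences(a, b, urls=SAMPLE_PATHS):
    """Sample URLs on which two patterns disagree."""
    return [u for u in urls if is_denied(a, u) != is_denied(b, u)]


if __name__ == "__main__":
    for name, pat in PATTERNS.items():
        print(f"{name:24} {pat!r:22} -> {denied_paths(pat)}")
    print("original vs suggested differ on:",
          differences(PATTERNS["original"], PATTERNS["suggested"]))
```

Under these assumptions the original and suggested patterns deny the same paths, so a rule that still fails on a subdirectory points at something other than the `LocationMatch` regex.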
  4. bettinz

    bettinz Member

    I can confirm that Location Match works, thank you.
    Now I can't understand why the rule doesn't work :(
  5. mistwang

    mistwang LiteSpeed Staff

    <LocationMatch> must be in the main configuration file. It does not work in .htaccess, same as with Apache, as designed.
  6. edigest

    edigest New Member

    I use the Atomic ruleset. The following rules are incompatible:

    00_asl_rbl.conf
    00_asl_z_antievasion.conf
    05_asl_scanner.conf
    09_asl_rules.conf
    11_asl_data_loss.conf
    40_asl_apache2-rules.conf
    98_asl_jitp.conf
    99_asl_a_redactor.conf
    99_asl_redactor.conf
    99_asl_redactor_post.conf
    99_asl_scanner.conf

    I believe all of the others are fine, although I only use a subset of the remaining rules.
