Litespeed and CXS

Discussion in 'Feedback/Feature Requests' started by masood_y, Feb 4, 2011.

  1. masood_y

    masood_y New Member

    What is CXS?
    ConfigServer eXploit Scanner (cxs) is a new tool from us that performs active scanning of files as they are uploaded to the server. (MORE ...)

    What is problem?
    CXS unable to detect and quarantine expolites uploaded with web-scripts or cpanel file manager.

    We called CXS support team and they said:
    You are running Litespeed instead of Apache. We can provide no support for cxs script upload scanning with litespeed. If you were also having problems with cxs script upload scanning when running Apache without litespeed, please switch back to Apache and we can have a look then.

    Is it posible to fix in feature version of Litspeed? Because CXS is very very important and useful script for detect, quarantine and suspend expolites and abuse files.
  2. NiteWave

    NiteWave Administrator

    search cxs on the forum can find a few other posts regarding cxs.

    I'd summary here. it requires litespeed to support following mod_security rules:

    SecUploadFileMode 0644
    SecRule FILES_TMPNAMES "@inspectFile /etc/cxs/cxscgi.sh" \
    "id:351000,rev:1,severity:2,msg:'Atomicorp.com Upload Malware Scanner:
    Malicious File upload attempt detected and blocked',log,deny,auditlog,status:403,t:none"

    SecRequestBodyAccess On
    SecRule FILES_TMPNAMES "@inspectFile /etc/cxs/cxscgi.sh" \
    "log,auditlog,deny,severity:2,id:'1010101'"

    since we're investigating complete support for mod_security 2.5.x now, it's a good timing to bring up this issue here :)
  3. masood_y

    masood_y New Member

    Thank you for your reply.
    I changed my mod_security to above setting, but CXS unable to detect with web-script too.
  4. mistwang

    mistwang LiteSpeed Staff

    "@inspectFile" operator is not supported now.
  5. masood_y

    masood_y New Member

    What is exact mod_security rules please?
  6. masood_y

    masood_y New Member

    Help me please.
    What is correct mod_security cxs rules for last installed litespeed?
  7. NiteWave

    NiteWave Administrator

Share This Page