litespeed ignore an include

Discussion in 'General' started by DoM, Apr 17, 2013.

  1. DoM

    DoM New Member

    Hello,
    on one webserver with cPanel we notice following:

    inside file /usr/local/apache/conf/modsec2.user.conf we have following content after including gotrules directive:

    Include /usr/local/apache/conf/modsec/*.conf

    <LocationMatch .*>
    SecRuleRemoveById 391213
    </LocationMatch>

    On more than 50 servers it works.

    Just on one server this directive is ignored and rule always matched.


    We have SAME IDENTICAL configuration of litespeed, apache, cPanel.

    I do not understand how it's possible.

    We tried also to remove completely litespeed and reinstall it but no way.

    Also we notice on this server that with command ps axuwwf instead of see regular processlist like this with a SHORT PATH:

    nobody 838399 0.3 0.6 220056 99900 ? Sl 01:08 0:35 \_ litespeed (lshttpd)
    nobody 838400 3.3 0.6 243656 113000 ? Sl 01:08 4:57 \_ litespeed (lshttpd)
    xxxxxxx 880947 11.1 0.2 410544 33820 ? S 03:36 0:03 \_ lsphp5
    xxxxxxx 880976 13.0 0.4 353352 70480 ? S 03:36 0:01 \_ lsphp5:eek:me/xxxxxxx/public_html/xxxxxxx/index.php

    We see always FULL PATH of lsphp5:

    nobody 473560 0.5 0.5 214592 89464 ? Sl 03:32 0:01 \_ litespeed (lshttpd)
    nobody 473561 2.1 0.5 222196 92232 ? Sl 03:32 0:06 \_ litespeed (lshttpd)
    xxxxxxx 473572 0.0 0.1 298404 18192 ? S 03:32 0:00 \_ /usr/local/lsws/fcgi-bin/lsphp5:/home/xxxxxxx/public_html/xxxx/xxxx.php

    This happen ONLY on this server on more than 50 that i repeat have same configuration.

    We checked configuration automatically with our scripts and manually but no difference at all.

    Waiting for your reply

    Regards
  2. NiteWave

    NiteWave Administrator

    is the LSAPI version different?

    can check it by
    /usr/local/lsws/fcgi-bin/lsphp5 -i |head
  3. DoM

    DoM New Member

    No same: Server API => LiteSpeed V6.1

    Waiting for your reply

    Regards
  4. DoM

    DoM New Member

    Do you know what it could be or where i can check about ?


    Waiting for your reply

    Best regards
  5. NiteWave

    NiteWave Administrator

    yes, really puzzled per your description. have you done the force-reinstall, to ensure the problem one running latest 4.2.2 ?
  6. DoM

    DoM New Member

    Yes did it but nothing change.

    Waiting for your reply

    Regards
  7. DoM

    DoM New Member

    Any news ?

    I also notice on ALL servers with litespeed last version ( downloaded it today ) following error message:

    2013-05-17 15:14:02.495 ERROR [ModSecurity] unknown server variable while parsing: Location
    2013-05-17 15:14:02.495 ERROR [ModSecurity] unknown server variable while parsing: Location
    2013-05-17 15:14:02.495 ERROR [ModSecurity] unknown server variable while parsing: Location
    2013-05-17 15:14:02.495 ERROR [ModSecurity] unknown server variable while parsing: Location
    2013-05-17 15:14:02.495 ERROR [ModSecurity] unknown server variable while parsing: Location
    2013-05-17 15:14:02.495 ERROR [ModSecurity] unknown server variable while parsing: Location
    2013-05-17 15:14:02.496 ERROR [ModSecurity] unknown server variable while parsing: Location
    2013-05-17 15:14:02.496 ERROR [ModSecurity] unknown server variable while parsing: Location
    2013-05-17 15:14:02.535 ERROR [ModSecurity] unknown server variable while parsing: WWW-Authenticate
    2013-05-17 15:14:02.702 ERROR [ModSecurity] unknown server variable while parsing: FILES_TMPNAMES

    As you can see Location directive does not work anymore.

    In previous version no problem at all.


    Waiting for your reply


    Regards
  8. mistwang

    mistwang LiteSpeed Staff

    Please grep your mod_security rule for "Location", it is in a "SecRule ...", not in <Location ...> directive.
    Please give us an example, so we can analyze.
  9. DoM

    DoM New Member

    On file modsec2.user.conf in cPanel we added following rules:


    <LocationMatch .*>
    SecRule REMOTE_ADDR "@pmFromFile /xxx/xxx/whitelist" "nolog,phase:1,allow,id:1000001"
    </LocationMatch>

    <LocationMatch .*>
    # BUG - Login CMS cookie expired
    SecRuleRemoveById 391213
    </LocationMatch>

    This is an example about.

    Same problem on version 4.2.3

    On FIRST version of release 4.2.2 ( not last one ), this error wss not present.

    Waiting for your reply

    Regards
  10. NiteWave

    NiteWave Administrator

Share This Page