lsws 4.1.11 not support modsec rules?

Discussion in 'Bug Reports' started by DraCoola, Mar 16, 2012.

  1. DraCoola

    DraCoola Member

    I just wondering about why there so many modsec rules suddenly lost it functions while using litespeed.
    I had test it with a very simple rule for an example :

    Code:
    SecRule REQUEST_URI "^/abc\.php$" "deny"
    As above rule expected, Apache bring 406 error page to http://domain.com/abc.php access.
    But unfortunatelly, litespeed will still give us totaly freedom to access http://domain.com/abc.php.

    Is there any special way to write that just "REQUEST_URI denial" modsec rule with litespeed?
    Last edited: Mar 16, 2012
  2. mistwang

    mistwang LiteSpeed Staff

    does abc.php file exists? and the file need to be processed as a script.
    LiteSpeed ignore mod_sec for static files.
  3. DraCoola

    DraCoola Member

    yes abc.php is exist.
    the file is php file which have active script inside it.
  4. DraCoola

    DraCoola Member

    Superb!
    Force update 4.1.11 will fixed this modsec compatibily.
    Thank you, George!

Share This Page