LSWS 4.2.2 VS mod_security

Discussion in 'Bug Reports' started by DraCoola, Mar 20, 2013.

  1. DraCoola

    DraCoola Member

    Latest 4.2.2 build won't block with this simple rule :

    ####
    SecRule REQUEST_URI "/any-folder/.+/filename\.php" "id:20202020,rev:1,severity:2,msg:'must be denied',deny"
    ####

    After performing /usr/local/lsws/admin/misc/lsup.sh -f -v 4.2.1, the rule above did block filename.php as it should.



    Please fix it :(
    Last edited: Mar 20, 2013
  2. DraCoola

    DraCoola Member

    any help from anybody?
  3. NiteWave

    NiteWave Administrator

    Hi, it has been fixed. It will be in the next build.

    Thanks for reporting. :)
  4. DraCoola

    DraCoola Member

    Hi NiteWave,

    Thank you, I will be eagerly waiting for that next build.
    By the way :

    -----------------
    lsphp5:/home/username/andsoon
    -----------------

    will be more neat than :

    -----------------
    /usr/local/lsws/fcgi-bin/lsphp5:/home/username/andsoon
    -----------------

    that you are using now on 4.2.2, while running top -c in ssh
    Last edited: Mar 21, 2013
  5. DraCoola

    DraCoola Member

    any update yet?
    because using 4.2.1 with the Atomic rule set makes lsws restart often :(
    Last edited: Mar 21, 2013
  6. mistwang

    mistwang LiteSpeed Staff

    A new build has been uploaded. You can do a force reinstall to see if it works better this time.
  7. DraCoola

    DraCoola Member

    Thank you very much, George.
    It works flawlessly now :)
  8. DraCoola

    DraCoola Member

    By the way, I hope the next build of lsws will revert back to the neat old fashion of lsws processing, as below:

    [​IMG]



    because the newest build is showing too long a process line:

    [​IMG]
  9. mistwang

    mistwang LiteSpeed Staff

  10. brrr

    brrr New Member

    After several years of running the same rules on LSWS Standard without any problem all the way up to 4.2.1, I just upgraded to 4.2.2 and now see a lot of this:

    2013-03-23 13:26:04.114 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT

    The rules are simple ones that look like this:

    or
    And the action is:
    Why do these rules break now?
    Last edited: Mar 23, 2013
  11. DraCoola

    DraCoola Member

    Hi brrr,

    you might want to try "SecRule REQUEST_HEADERS:User-Agent" rather than "SecFilterSelective HEADER_USER_AGENT"
  12. mistwang

    mistwang LiteSpeed Staff

    Yes, time to update your mod_sec rules to 2.5+ syntax.
  13. brrr

    brrr New Member

    Thank you DraCoola and mistwang! Using the 2.5 syntax did work.

    I should have updated the syntax to 2.5 a long time ago I suppose.

    But it was a case of 'if it ain't broke, don't fix it', so up until 4.2.2, I got lazy. :)
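
As an added example (not part of the thread and not LiteSpeed's code): a small Python check that ties the error flood quoted in post 10 to the legacy directives behind it and proposes the 2.5+ form suggested in post 11. The log lines and rule file are constructed samples, and extending the HEADER_USER_AGENT mapping to other HEADER_* names is an assumption.

```python
import re
from collections import Counter

# Constructed sample input: log lines in the format quoted in the thread, and a
# hypothetical legacy rule file (the poster's own rules are not shown on the page).
SAMPLE_LOG = """\
2013-03-23 13:26:04.114 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
2013-03-23 13:26:04.115 ERROR [ModSecurity] unknown server variable while parsing: HEADER_USER_AGENT
"""
SAMPLE_RULES = """\
# constructed legacy rules
SecFilterSelective HEADER_USER_AGENT "badbot" "deny,log,status:403"
SecFilterSelective "HEADER_USER_AGENT|HEADER_REFERER" "evil"
SecRule REQUEST_URI "/x" "id:1,deny"
"""

LOG_RE = re.compile(r"\[ModSecurity\] unknown server variable while parsing: (\S+)")
LEGACY_RE = re.compile(r"^\s*SecFilterSelective\s+(\S+)\s+(.*)$")

def unknown_variables(log_text):
    """Collapse the repeated error lines into one count per variable name."""
    return Counter(LOG_RE.findall(log_text))

def to_v2_variable(name):
    """HEADER_USER_AGENT -> REQUEST_HEADERS:User-Agent (generalised, an assumption)."""
    if not name.startswith("HEADER_"):
        return None
    parts = name[len("HEADER_"):].split("_")
    return "REQUEST_HEADERS:" + "-".join(p.capitalize() for p in parts)

def suggest_rewrites(rules_text, flagged):
    """Return (line_no, original, suggestion) for rules that use a flagged variable."""
    out = []
    for no, line in enumerate(rules_text.splitlines(), 1):
        m = LEGACY_RE.match(line)
        if not m:
            continue
        variables = m.group(1).strip('"').split("|")
        if not any(v in flagged for v in variables):
            continue
        mapped = [to_v2_variable(v) or v for v in variables]
        # Pattern and actions are carried over unchanged and still need manual review.
        out.append((no, line.strip(), f"SecRule {'|'.join(mapped)} {m.group(2)}"))
    return out

if __name__ == "__main__":
    counts = unknown_variables(SAMPLE_LOG)
    for no, old, new in suggest_rewrites(SAMPLE_RULES, counts):
        print(f"line {no} ({counts}): {old}\n   -> {new}")
```
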