LSWS 4.2.3 VS mod_security

Discussion in 'Bug Reports' started by DraCoola, Jun 4, 2013.

  1. DraCoola

    DraCoola Member

    I've found that :
    Code:
    <LocationMatch .*>
            SecRuleRemoveById xxxxxx
    </LocationMatch>
    won't work with 4.2.3 :confused:
    please fix this.
  2. NiteWave

    NiteWave Administrator

  3. DraCoola

    DraCoola Member

    hi NiteWave, thanks for your response.
    LocationMatch are placed on :

    /usr/local/apache/conf/userdata/std/2/username/

    and

    /usr/local/apache/conf/

    those works fine on 4.2.2, so I revert back to 4.2.2 to solve this.
  4. NiteWave

    NiteWave Administrator

    will notify the development.

    since it's <LocationMatch .*>, how about just remove it and will it work under 4.2.3 ?
  5. DraCoola

    DraCoola Member

    i am sorry, NiteWave, but that can't be done.
    some websites need to exclude some of specific atomic modsec rules to get their site working.
    because that was not just .* but either to website path for an example :

    Code:
    <LocationMatch "/adminpanel/sidebar_option.php">
    	SecRuleRemoveById 34xxx
    	SecRuleRemoveById 34xxx
    	SecRuleRemoveById 34xxx
    </LocationMatch>
    so i'd better waiting for your next 4.2.3 latest build update.
  6. mistwang

    mistwang LiteSpeed Staff

    new build of 4.2.3 has been uploaded. Please give it a try.
  7. TheBigK

    TheBigK New Member

    How do I get the new version? No notification in WHM. Getting the same error and it's really frustrating!
  8. webizen

    webizen New Member

    no notification for new build of the same version. just do force install either from admin console or command line.
  9. Karl

    Karl New Member

    mod_security in 4.2.3 is completely broken based on our testing. You need to go back to 4.2.1 to get it working correctly.

Share This Page