mod security - potential bug w/ default action under Request Filter

c0ldshadow

Well-Known Member
#1
using latest version of litespeed I tried changing default action for modsecurity blocking FROM:

log,deny,msg:'globalblock'


TO

log,drop,msg:'globalblock' (this is what it was originally)


this caused the webserver to crash as soon as i triggered a block rule (so all websites stopped working) tested this 3 times

only fix was rebooting the server

the crashes only occured after modsec rules triggered, not as soon as the change was made
 

mistwang

LiteSpeed Staff
#2
I could not make it crash by changing "deny" to "drop".
Do you get core file under /tmp/lshttpd/bak_core/ ?
Please install gdb to check the core file with gdb.
If you set admin's email, you will get email bug report for the crash.
 
Top