Mod_security / Mod_rewrite rule not working after LSWS switch

#1
Greetings all!

We recently switched from Apache to LSWS on one our cPanel servers and we are having a problem with a rule for mod_rewrite/mod_security that is not being used properly after the switch.

The mod_rewrite rule is designed to block bad user-agents from accessing one part of the site and as noted, it worked prior to the switch to LSWS. The .htaccess file is located in /home/userdir/public_html/repo/.htaccess. The Mod_rewrite rule we were using is below:

<IfModule mod_rewrite.c>
RewriteEngine on
#RewriteBase /
#Block access based upon User-Agent name
SetEnvIfNoCase User-Agent "^InstallerApp(.*)" blocked_apps=1

Order Allow,Deny
Allow from all
Deny from env=blocked_apps
</IfModule>

As noted, this was not working after we upgraded to LiteSpeed but the other rules in this .htaccess file still work fine.

Since this didn't work, we put the above rewrite rule directly into httpd.conf and that too failed to work.

The next approach was to block the useragent with Mod_security in the .htaccess file with the below rule:

<IfModule mod_security2.c>
# Basic configuration options
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess Off

SecUploadKeepFiles Off

# Debug log
#SecDebugLog /var/log/apache2/modsec_debug.log
#SecDebugLogLevel 0
SecRule REQUEST_HEADERS:User-Agent "InstallerApp(.*)" "log,drop"
</IfModule>

We have also tried using the full user-agent which is shown as "InstallerApp/1.0.1 (Mac/2.2, like CFNetwork/220.0)"

Any help on getting this to work properly would be greatly appreciated. Thank in advance for reading all of this!
 

mistwang

LiteSpeed Staff
#2
LiteSpeed does not support SetEnvIf... and Deny from env=..., you should switch to a pure rewrite rule based solution. it should be more efficient because there is no need to set the "env=blocked_apps".
 
#3
LiteSpeed does not support SetEnvIf... and Deny from env=..., you should switch to a pure rewrite rule based solution. it should be more efficient because there is no need to set the "env=blocked_apps".
Hi Mistwang and thank you for the prompt response. I see now why the mod_rewrite rule wasn't working and we can work around that based on the information but out of curiosity, any idea why the mod_security rule wouldn't work?

Thanks.
 
Top