mod_security & ModSecurity Core Rule Set

Discussion in 'Install/Configuration' started by anything, Aug 8, 2011.

  1. anything

    anything Member

    I was investigating using some of the OWASP rules for mod_security but I've found that almost none of them are useable with litespeed.
    They appear to almost exclusively use SecRule TX:var style rules to create scores, and allow/deny based on the score. Which litespeed does not appear to support.
    eg:
    Code:
    unknown server variable while parsing: TX:REAL_IP
    Any plans to begin supporting the features required for at least the base rules of the "ModSecurity Core Rule Set"?

    I also found that the following rule (which is part of the core rule set) causes litespeed to crash and auto-restart for every request.
    Code:
    SecRule REQUEST_HEADERS:User-Agent "^(.*)$" "phase:1,id:'981217',t:none,pass,nolog,t:sha1,t:hexEncode,setvar:tx.ua_hash=%{matched_var}"
    I'm testing on ent4.1.3.

    Also, please add some documentation to inform people that the request filter config in litespeed's control panel is for native sites only.
  2. QuantumNet

    QuantumNet New Member

    still doesnt work on the latest litespeed ... really thinking about switching to apache 2.4

Share This Page