mod_security support

Discussion in 'Install/Configuration' started by mferguson, Feb 14, 2010.

  1. mferguson

    mferguson New Member

    Over the weekend we purchased and installed LSWS 4.0.12 Enterprise. We had been running Apache 2 and had several mod_security exceptions set up. We had /opt/mod_security/whitelist.conf define these exceptions but when we switched to LSWS it appears that it is using mod_security (lots of things are showing up in the modsec_audit.log) but that the exceptions we made are no longer working. Its as if the whitelist is being ignored.

    Can anyone explain how mod_security configuration is done with LSWS or if there is a better way to handle functions that mod_security is providing?

    Thanks

    Mark
  2. mistwang

    mistwang LiteSpeed Staff

    Can you post the whitelist.conf
  3. mferguson

    mferguson New Member

    Sure. It is:

    SecRule Request_URI /frontend/x3/fantastico/autoinstall[a-zA-Z0-9]+.php phase:1,nolog,allow,ctl:ruleRemoveByID=340067
    SecRule SERVER_NAME "ourdomainnamehere" phase:1,nolog,pass,ctl:ruleRemoveByID=340151
    SecRule SERVER_NAME "ourdomainnamehere" phase:1,nolog,pass,ctl:ruleRemoveByID=340163

    I've replaced the domain name above as my client doesn't want the address exposed in public forums.

    Thanks!

    Mark
  4. mistwang

    mistwang LiteSpeed Staff

    ruleRemoveByID is not supported yet, so, the only option with LiteSpeed is to comment out those unwanted rules.
  5. mferguson

    mferguson New Member

    What rules are supported? For now I've had to disable all our rules since they were using ruleRemoveByID.

    Thanks

    Mark
  6. UWH-David

    UWH-David New Member

    Yes, I am seeing a LOT of mod_security rules failing with LiteSpeed. Is there any common thread so we can convert these to LiteSpeed friendly rules quickly? Process of elimination when you have thousands of rules is just not going to work.
  7. brrr

    brrr New Member

    Thousands of mod_security rules...:eek:

    Little wonder you are looking into Litespeed on your server to improve performance :)
  8. UWH-David

    UWH-David New Member

    Even disabled, suPHP is not very quick.

  9. mistwang

    mistwang LiteSpeed Staff

    If you do not mind, please send your rule set to bug@litespeed..., and tell us how to reproduce the issue (URL trigger it), we will investigate and improve the compatibility.
  10. UWH-David

    UWH-David New Member

    The majority of our rules are seeded from the gotroot modsec rule subscription:
    http://www.gotroot.com/mod_security rules


  11. UWH-David

    UWH-David New Member

    What would be the most useful is if the log listed the ID of the mod_security rule which it is having troubles with.

  12. UWH-David

    UWH-David New Member

Share This Page