modsec issues

Discussion in 'General' started by optize, Oct 8, 2012.

  1. optize

    optize New Member

    Can someone help me figure out why this modsec rule don't work in Litespeed, but work in Apache?

    SecRule REQUEST_FILENAME ".{1,}paypal\.com{1,}" "phase:1,t:none,log,deny"

    It's a simple request, to block the request if there is paypal.com anywhere in the URL string.

    example: domain.com/hi/paypal.com/file.html or domain.com/hellopaypal.com/

    Is there another way I should be doing this via Litespeed?
  2. mistwang

    mistwang LiteSpeed Staff

    you can try a rewrite rule.
    LiteSpeed modsec engine only block URL that does not result in 404 or static file.
  3. optize

    optize New Member

    Is there a way to turn that off? We're trying to block phishing attempts, which are all static files.
  4. mistwang

    mistwang LiteSpeed Staff

    We can add an option in next release.
  5. optize

    optize New Member

    Was this added?

Share This Page