Litespeed and CXS

masood_y

Well-Known Member
#1
What is CXS?
ConfigServer eXploit Scanner (cxs) is a new tool from us that performs active scanning of files as they are uploaded to the server.

What is the problem?
CXS is unable to detect and quarantine exploits uploaded with web scripts or the cPanel file manager.

We called the CXS support team and they said:
You are running Litespeed instead of Apache. We can provide no support for cxs script upload scanning with litespeed. If you were also having problems with cxs script upload scanning when running Apache without litespeed, please switch back to Apache and we can have a look then.

Is it possible to fix this in a future version of LiteSpeed? Because CXS is a very, very important and useful script for detecting, quarantining and suspending exploits and abuse files.
 

NiteWave

Administrator
#2
Searching for cxs on the forum finds a few other posts regarding cxs.

I'd summarize here. It requires LiteSpeed to support the following mod_security rules:

SecUploadFileMode 0644
SecRule FILES_TMPNAMES "@inspectFile /etc/cxs/cxscgi.sh" \
"id:351000,rev:1,severity:2,msg:'Atomicorp.com Upload Malware Scanner: Malicious File upload attempt detected and blocked',log,deny,auditlog,status:403,t:none"

SecRequestBodyAccess On
SecRule FILES_TMPNAMES "@inspectFile /etc/cxs/cxscgi.sh" \
"log,auditlog,deny,severity:2,id:'1010101'"

Since we're investigating complete support for mod_security 2.5.x now, it's good timing to bring up this issue here :)
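
The rules quoted above pass each upload's temporary path to an external approver script through @inspectFile. The following is an added example, not code from this thread and not ConfigServer's cxscgi.sh: a stand-in approver that logs every invocation, so the log shows whether the web server calls the hook at all. The marker string, log path and function name are assumptions made for illustration.

```shell
#!/bin/sh
# Stand-in for an @inspectFile approver script (hypothetical, not cxscgi.sh).
# ModSecurity runs the script with the upload's temp file path as $1 and reads
# one line from stdout: first character "1" means the file is approved,
# anything else makes the rule match (and "deny" then blocks the request).

MARKER='CONSTRUCTED-TEST-MARKER'                   # constructed sample signature
HOOK_LOG="${HOOK_LOG:-/tmp/inspectfile-hook.log}"  # assumed log location

inspect_upload() {
    file="$1"

    # Record each call; an empty log after a test upload means the server
    # never invoked the hook.
    printf '%s uid=%s file=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$(id -u)" "$file" >> "$HOOK_LOG"

    # Fail closed: a temp file the scanner cannot read (for example because of
    # its file mode, which SecUploadFileMode controls) is not approved.
    if [ -z "$file" ] || [ ! -r "$file" ]; then
        echo "0 unreadable upload: $file"
        return 0
    fi

    # Placeholder for the real scanner: reject files containing the marker.
    if grep -q -F -- "$MARKER" "$file"; then
        echo "0 marker found in $file"
    else
        echo "1 clean"
    fi
}

# Act as the approver only when called with a path, so the file can also be
# sourced to exercise inspect_upload directly.
if [ "$#" -gt 0 ]; then
    inspect_upload "$1"
fi
```
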