Search results

Cool. We'll hold off implementing until then as security triumphs over speed with us. (I'll also lobby to get isapi code into PHP as that's the only other issue we've found with the product). Thanks for all of your help...

We want to employ mod_security but want to keep up to date with rulesets as supplied by Bream. We currently can not do that with litespeed as V1.9 rules are no longer supported. What is the timeline (if any) for supporting mod_security V2 rulesets?:confused:

Brilliant! Any pointers for a sysadmin who knows nothing at all about Ruby? I have compiled Ruby-lsapi via gems. It appears that I can not get domains configured in the apache httpd.hosts to be handled by litespeed. (vhosts defined in litespeed work however the app mappings (as defined in...

I was hoping that with Ruby_lsapi and the ability to utilise the .ls_rails_config file for routing that users would not require ssh access. (They could use ftp to upload their scripts and then by touching the .ls_rails_config file, get their controllers to reload). Has anyone done this?

Any plans to implement the 2.X series of mod_security at any stage?

Done! Upgraded. Whoops. Not an imperative but a nice to have is RoR support. Will go and try that out now...

Not yet. The upgrade up to 3.3.6 was as simple as clicking the upgrade link. The upgrade to 3.3.7-ent is a download link. I had downloaded the product a while ago but haven't got around to reading any release notes and/or applying the upgrade yet. I'll do that shortly...

This was the only thing remaining for us to test before going ahead with a purchase. You'll have our money soon...

Hmm. It wasn't going at all as I suspected When Litespeed looked at the line : Include etc/apache2/Includes/*.conf in the httpd.conf, it was only including one of the files in there. As such, it did not load the other include files, one of which one had the mod_security rules defined...

There is no audit_log generated. It's defined in an Include file under the httpd.conf to be : logs/audit_log It's not is {$litespeedhome}/logs. It's not in /var/logs It's not in {$vhostlogdir} If I change the rule to deny it does not block. Together, these two actions make me...

I know it SHOULD be. But that's why I have raised this issue. It's not. I created a subdir called bin. In this I placed a script called websendmail. (just a junk script that does not perform this function) I can access this although I should not be able too... Test url is...

Um, sorry for not making that clear. We are evaluating Enterprise trial edition at present. Or are you stating that only the full license supports mod_security rules? (We were hoping to evaluate this on Litespeed particularly as Apache runs like a dog on our ruleset).

I have tried the following : Included a conf file into httpd.conf which contains... SecFilterEngine On SecServerSignature "Litespeed" SecAuditEngine RelevantOnly SecAuditLog logs/audit_log SecDebugLog logs/modsec-debug_log SecDebugLogLevel 4 SecTmpDir /tmp SecUploadKeepFiles Off...

For testing: The page index.html is the forms page for file uploads. Uploads go in docroot/uploads dir. The page index.php writes a file using fwrite.

On the previous note, since we are running in suexec mode, suexec will not permit me to run the id command. Or any of it's variants. :(

No. Web console was working this morning. Since you've been on the system, I can no longer access the server configuration pages.

Thanks for the above link. Now I understand why the user was wrong and why the PPID check fixes it. Any ideas about group ownership?

OK then. Now back to the original question. It appears that the owner is now noc when using the move_uploaded_file function. Weird. I didn't change anything. Good that it's working however. The group is still wheel though. I have setting the ForceGID option but this does not appear to...

There is but it is not utilised. (We have other programs running setuid successfully). ssh access "PMed" to you. :-)

Ownership is : -r-sr-xr-x 1 root www 10780 Feb 14 16:17 lscgid.3.3.4