Search results

  1. E

    301 "Moved permanently" glitch

    Yes, in v3.3.9 the issue related to the request filter is gone. Thank you.
  2. E

    4.0 road map

    One useful feature that I wouldn't mind having is the possibility to define request filter rules that work on the response. In particular the possibility to block pages that contain sensitive information. In ModSecurity it is possible to do that with something like this: ModSecurity...
  3. E

    301 "Moved permanently" glitch

    Thank you for the suggestion, it worked perfectly. Yet, I encountered another strangeness that should be of interest in this context. If I have the request filter enabled and a rule like this one: SecFilterSelective REQUEST_URI "badword" requesting something like...
  4. E

    301 "Moved permanently" glitch

    When I saw the changelog for v3.3.8 I thought that maybe the backreference issue could have been solved. Since it isn't the case I'd like to know if there is any chance for this problem to be fixed before v4.0.
  5. E

    301 "Moved permanently" glitch

    Hello, I'm again experiencing something strange related to 301 redirections. At this point I can't say if this is a bug or the desired behaviour, still I could use a piece of advice. I'm trying to redirect any request to mydomain.com to www.mydomain.com. These are the rules I'm using...
  6. E

    301 "Moved permanently" glitch

    Hello, I noticed this issue using a rewrite rule like this: RewriteRule ^/old-dir/$ /new-dir/ [R=301,L] When I request http://www.mydomain.com/old-dir/ I correctly get a http response with the location header correctly set, i.e.: Location: http://www.mydomain.com/new-dir/ So far, so...
  7. E

    Glitch with custom error pages and contexts

    I agree that fixing the issue so that the restriction isn't bypassable in any way is the best way to go. The fact that it won't be possible to put custom error pages in a restricted context is indeed a minor drawback. Thanks for your time.
  8. E

    Glitch with custom error pages and contexts

    Hello, here's how to reproduce the behaviour that I encountered: 1) Create a context for a certain virtual host, using settings like these: URI: /protected-dir/ Location: protected-dir/ Accessible: Yes Access Allowed: 123.123.123.123 Access Denied: ALL 2) In the general tab of the...
  9. E

    Running lsphp standalone

    Thanks for the clarifications. I just wanted to confirm that after setting the proper environment variables Litespeed provides excellent performance and stability even with manually spawned lsphp processes.
  10. E

    Running lsphp standalone

    Hello, I set up Litespeed to handle php through the load balancer which talks to a standalone lsphp process listening in the background on the same machine. I would like to ask a few things. 1) If I want, for example, 4 lsphp processes listening for connections from Litespeed should I start...
  11. E

    Rewrite log and piped logging

    Hello, I already read in a previous thread that a separate request filter log is going to be implemented in a future release. I think that this is a very good idea. Still, there are a couple of things regarding logs that I'd like to ask: 1) Is a separate rewrite log planned? 2) Will it...
  12. E

    Current requests' info in the RT stats

    Hello! I never used any control panel so I can't say if that's what I'm talking about. However it may just be the case, maybe in combination with apache's mod_status. I was curious and logged into the whm demo at cpanel.net, yet there are only two pages similar to what you mention but...
  13. E

    Current requests' info in the RT stats

    Hello, I thought that it would be very useful to have the possibility to monitor the current requests that the server is managing in the real-time statistics. I would like to have each connection on a separate row, the columns could show information like: - Remote IP address - Vhost...
  14. E

    lsphp and graceful restarts

    Hello, I would like to ask if lsphp suffers from an issue that affects mod_fcgid on apache. The problem is described here: http://sourceforge.net/mailarchive/forum.php?thread_name=20070920072507.31408.qmail%40apnet.pl&forum_name=mod-fcgid-users...
  15. E

    More abuse prevention features

    Thanks for your suggestions. Indeed, after giving it some thought, I agree that putting logs in a database should be the way to go. Having it built into the server would allow for better performance, yet the overhead shouldn't be too much of an issue to parse logs into a database and running...
  16. E

    A few issues with the request filter and a possible bug

    I'll look into the 404 issue, as it seems that it's a problem on my side. BTW, I posted a couple of features request in the relative forum section. I would love to know what you think about them, thanks!
  17. E

    More abuse prevention features

    Hello, I think Litespeed has already many good security features built in, yet there are a couple of things that I would love to see implemented. This would be all I need to leave Apache for good. These features are provided in mod_evasive and mod_cband for Apache, but having them integrated...
  18. E

    A few issues with the request filter and a possible bug

    Thanks, the ARG and COOKIE rules are now working. I didn't have the time to run extensive tests but everything that was previously broken is now fixed, if I find something more later I'll let you know. On a side note I noticed a little glitch with version 3.3.4, I don't know if it's fixed in...
  19. E

    A few issues with the request filter and a possible bug

    Hello, I tried the new version and found something strange. The last point mentioned below is stopping me from testing more. Here's what I found: 1) According to mod_security 1.9 docs the rule for checking POST parameters should be: SecFilterSelective ARG_foo "bar" but this rule isn't...
  20. E

    A few issues with the request filter and a possible bug

    Thanks for the quick turnaround, tomorrow I'll test the new release and update the thread. Regards, -Mark
Top