Search results

  1.

    [Solved] Setting CORS (cross-origin resource sharing)

    Small tweak ... had to change "Header always append" to "Header set" to avoid a header injection vulnerability. SetEnvIf Host ^(www\.)?domain1\.com$ CORDS_ENV=https://www.domain1.com SetEnvIf Host ^(www\.)?domain2\.com$ CORDS_ENV=https://www.domain2.com SetEnvIf Host ^(www\.)?domain3\.com$...
  2.

    [Solved] Setting CORS (cross-origin resource sharing)

    Well, after much persistence, I was able to figure this out. The following format worked: SetEnvIf Host ^(www\.)?domain1\.com$ CORDS_ENV=https://www.domain1.com SetEnvIf Host ^(www\.)?domain2\.com$ CORDS_ENV=https://www.domain2.com SetEnvIf Host ^(www\.)?domain3\.com$...
  3.

    [Solved] Setting CORS (cross-origin resource sharing)

    Anyone on the LiteSpeed staff care to comment on this? We have about 7 servers running LiteSpeed and will undoubtedly be running into the same issue when we try implementing this for other clients. Any guidance is greatly appreciated. Thanks. John
  4.

    [Solved] Setting CORS (cross-origin resource sharing)

    Hi, was hoping someone could help us set up a rule in .htaccess for a CORS policy for Access-Control-Allow-Origin. We found a bunch of posts on StackOverflow relating to this, all with the same general proposed solution. We implemented the accepted solution trying a variety of variations ...
  5.

    HTTP Response Splitting Vulnerability Help!

    Thanks Pong. I have read many forums that indicate there are some OWASP rules that will not work with LiteSpeed and show no error in the modsec logs. I tried all relevant COMODO rules but none of them intercept this attack and none of them generate a log entry. Any other suggestions? Thanks...
  6.

    HTTP Response Splitting Vulnerability Help!

    Hi all, we have a site failing PCI for an HTTP Response Splitting Vulnerability. Here's an obfuscated version of the test URL: http://florist.mysite.com/WHS%0D%0AX-Resp:%20Split.php When called, we receive the following response headers. HTTP/1.0 301 Moved Permanently Content-Type: text/html...