Comodo WAF - Litespeed incompatability question

#1
Hi

I run Comodo WAF and LS 4.2.23 on my VPS

I have excluded several WAF ModSec rules from one domain where the owner gets blocked each time she tries accessing one specific URL. I have also added a ModSec rule to whitelist her IP address, which I've confirmed by the log is correctly allowed in. Yet the rule that blocks her accessing the one URL overrides the IP whitelisting and also overrides that the rule that is blocking her is disabled on her domain.

I have been back and forth with Comodo WAF support on this for quite a while. They now tell me Litespeed 4.2.23 does not honor WAF's disabling of rules on individual domains. (When I disable WAF altogether on her domain, she can access the otherwise blocked URL. When only the rules that are blocking her are disabled, the disabling is not honored - she is blocked despite the rules being disabled.).

My question is to confirm whether Comodo WAF support is correct that Litespeed doesn't honor disabling of individual ModSec rules on a single domain. And if that is correct, does LiteSpeed plan to fix this any time soon?

thank you
 

mistwang

LiteSpeed Staff
#2
Let us know how you disable the rule?
And you need to confirm that the way you did works with Apache, something, it is just a configuration problem.
If it works with Apache, we will make it work properly with LiteSpeed.
 
Top