.htaccess | modsecurity rules work on one vhost but no another

Discussion in 'General' started by c0ldshadow, Nov 27, 2012.

  1. c0ldshadow

    c0ldshadow Well-Known Member

    have litespeed v4.1.13

    I have 2 vhosts, e.g. works.com and doesntwork.com

    The same identical modsecurity rule works on one vhost but not the other

    e.g. in the works.com vhost I have

    SecFilterSelective "REMOTE_ADDR" "^5\.5\.5\.5$"

    as expected, when I visit my site from my IP, I get blocked

    The same exact rule doesn't work in the doesntwork.com vhost... e.g. i go to the 2nd vhost site and don't get blocked

    Here is what is really odd though... other features of the doesntwork.com vhost are working fine, e.g. URL rewrites, htaccess password authorization... it's only modsecurity for which rules seem to be ignored in the doesntwork.com vhost

    in looking through the settings in the litespeed webui, both vhosts seem to have identical settings..

    I have tried gracefully restarting the webserver but no luck.

    is this a known bug / issue? please advise regarding next steps to troubleshoot
    Last edited: Nov 27, 2012
  2. mistwang

    mistwang LiteSpeed Staff

    Due to the relatively high cost of checking against mod_security rules for each every request, LiteSpeed selectively skips mod_sec for static files. if you check the web site against a dynamic page (PHP page), it should work.

Share This Page