LiteSpeed and mod_security problem

[Oleg]

Hi

I'm software developer. My team developing applicaton to manage mod_security rules for various popular web-servers.

However, with LiteSpeed we have problem trying to whitelist certain rules for some domain.
We use following to whitelist (for example: rule ID - 340151, domain name - 'somehost.com'):

SecRule REQUEST_HEADERS:Host "@rx ^somehost\.com$"phase:1,id:123,nolog,pass,ctl:ruleRemoveByID=340151

It works like a charm for Apache, but for LiteSpeed rule just not whitelisted.
I browsed LiteSpeed forum and found this topic:
https://www.litespeedtech.com/support/forum/threads/mod_security-support.3791/

ruleRemoveByID is not supported yet, so, the only option with LiteSpeed is to comment out those unwanted rules.

Is it still true? LiteSpeed still not supported 'ruleRemoveByID' yet?
How can we whitelist certain rule ID for some domain?

With best regards, Oleg

 

[mistwang]

ctl:ruleRemoveByID is not supported yet.

SecRuleRemoveById directive works. Just use that in the vhost configuration section.

 

[SFlight]

ctl:ruleRemoveByID is not supported yet.

SecRuleRemoveById directive works. Just use that in the vhost configuration section.

Is there any plan to support this? It would make managing modsec rules much easier.

We have a plugin for WHM that handles everything related to modsec, rules, etc. However one of the great features it has, being able to modify rules per user/domain, doesn't work because this option is not supported by Litespeed.

Not sure if it makes a different, bu we use the enterprise version of Litespeed.

 

[mistwang]

Yes, we will add that in official 5.2 release.

 

[mistwang]

It has been added to latest build of 5.1.3 . you can upgrade with command

/usr/local/lsws/admin/misc/lsup.sh -f -v 5.1.13

ctl:ruleRemoveByID should work now.