Ok, I'm getting this in the home screen of Litespeed Admin with the default ModSec rules in place (no customizations whatsoever):
2017-03-21 00:30:27.017 [ModSecurity] failed to parse a modsec variable. while parsing: Multipart request body failed strict validation: PE %{REQBODY_PROCESSOR_ERROR}, BQ %{MULTIPART_BOUNDARY_QUOTED}, BW %{MULTIPART_BOUNDARY_WHITESPACE}, DB %{MULTIPART_DATA_BEFORE}, DA %{MULTIPART_DATA_AFTER}, HF %{MULTIPART_HEADER_FOLDING}, LF %{MULTIPART_LF_LINE}, SM %{MULTIPART_SEMICOLON_MISSING}, IQ %{MULTIPART_INVALID_QUOTING}, IH %{MULTIPART_INVALID_HEADER_FOLDING}, FLE %{MULTIPART_FILE_LIMIT_EXCEEDED}
2017-03-21 00:30:27.017 ERROR [ModSecurity] failed to parse a modsec variable. while parsing: Multipart request body failed strict validation: PE %{REQBODY_PROCESSOR_ERROR}, BQ %{MULTIPART_BOUNDARY_QUOTED}, BW %{MULTIPART_BOUNDARY_WHITESPACE}, DB %{MULTIPART_DATA_BEFORE}, DA %{MULTIPART_DATA_AFTER}, HF %{MULTIPART_HEADER_FOLDING}, LF %{MULTIPART_LF_LINE}, SM %{MULTIPART_SEMICOLON_MISSING}, IQ %{MULTIPART_INVALID_QUOTING}, IH %{MULTIPART_INVALID_HEADER_FOLDING}, FLE %{MULTIPART_FILE_LIMIT_EXCEEDED}
2017-03-21 00:30:27.017 ERROR [ModSecurity] failed to parse a modsec variable. while parsing: Multipart request body failed strict validation: PE %{REQBODY_PROCESSOR_ERROR}, BQ %{MULTIPART_BOUNDARY_QUOTED}, BW %{MULTIPART_BOUNDARY_WHITESPACE}, DB %{MULTIPART_DATA_BEFORE}, DA %{MULTIPART_DATA_AFTER}, HF %{MULTIPART_HEADER_FOLDING}, LF %{MULTIPART_LF_LINE}, SM %{MULTIPART_SEMICOLON_MISSING}, IQ %{MULTIPART_INVALID_QUOTING}, IH %{MULTIPART_INVALID_HEADER_FOLDING}, FLE %{MULTIPART_FILE_LIMIT_EXCEEDED}
2017-03-21 00:30:27.017 ERROR [ModSecurity] MULTIPART_STRICT_ERROR "!@eq 0" "msg:'Multipart request body failed strict validation: PE %{REQBODY_PROCESSOR_ERROR}, BQ %{MULTIPART_BOUNDARY_QUOTED}, BW %{MULTIPART_BOUNDARY_WHITESPACE}, DB %{MULTIPART_DATA_BEFORE}, DA %{MULTIPART_DATA_AFTER}, HF %{MULTIPART_HEADER_FOLDING}, LF %{MULTIPART_LF_LINE}, SM %{MULTIPART_SEMICOLON_MISSING}, IQ %{MULTIPART_INVALID_QUOTING}, IH %{MULTIPART_INVALID_HEADER_FOLDING}, FLE %{MULTIPART_FILE_LIMIT_EXCEEDED}', severity:'CRITICAL', id:'960914', ver:'OWASP_CRS/3.0.0', rev:'1', maturity:'8', accuracy:'7', phase:request, block, t:none, tag:'application-multi', tag:'language-multi', tag:'platform-multi', tag:'attack-protocol', tag:'OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ', tag:'CAPEC-272', setvar:'tx.msg=%{rule.msg}', setvar:tx.anomaly_score=+%{tx.critical_anomaly_score}, setvar:'tx.%{rule.id}-OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ-%{matched_var_name}=%{matched_var}'": Rule not supported.
2017-03-21 00:30:27.017 ERROR [ModSecurity] unknown server variable while parsing: MULTIPART_UNMATCHED_BOUNDARY
2017-03-21 00:30:27.017 ERROR [ModSecurity] MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" "msg:'Multipart parser detected a possible unmatched boundary.', severity:'CRITICAL', id:'960915', ver:'OWASP_CRS/3.0.0', rev:'1', maturity:'8', accuracy:'8', phase:request, block, t:none, tag:'application-multi', tag:'language-multi', tag:'platform-multi', tag:'attack-protocol', tag:'OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ', tag:'CAPEC-272', setvar:'tx.msg=%{rule.msg}', setvar:tx.anomaly_score=+%{tx.critical_anomaly_score}, setvar:'tx.%{rule.id}-OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ-%{matched_var_name}=%{matched_var}'": Rule not supported.
2017-03-21 00:30:27.017 ERROR [ModSecurity] unknown server variable while parsing: ARGS_COMBINED_SIZE
2017-03-21 00:30:27.017 ERROR [ModSecurity] ARGS_COMBINED_SIZE "@gt %{tx.total_arg_length}" "t:none, setvar:'tx.msg=%{rule.msg}', setvar:tx.anomaly_score=+%{tx.notice_anomaly_score}, setvar:tx.%{rule.id}-OWASP_CRS/POLICY/SIZE_LIMIT-%{matched_var_name}=%{matched_var}": Rule not supported.
2017-03-21 00:30:27.017 ERROR [ModSecurity] unknown server variable while parsing: FILES_COMBINED_SIZE
2017-03-21 00:30:27.017 ERROR [ModSecurity] FILES_COMBINED_SIZE "@gt %{tx.combined_file_sizes}" "t:none, setvar:'tx.msg=%{rule.msg}', setvar:tx.anomaly_score=+%{tx.notice_anomaly_score}, setvar:tx.%{rule.id}-OWASP_CRS/POLICY/SIZE_LIMIT-%{matched_var_name}=%{matched_var}": Rule not supported.
and we can't figure out what's causing it or why it's tripping Litespeed at all.
Any ideas?
2017-03-21 00:30:27.017 [ModSecurity] failed to parse a modsec variable. while parsing: Multipart request body failed strict validation: PE %{REQBODY_PROCESSOR_ERROR}, BQ %{MULTIPART_BOUNDARY_QUOTED}, BW %{MULTIPART_BOUNDARY_WHITESPACE}, DB %{MULTIPART_DATA_BEFORE}, DA %{MULTIPART_DATA_AFTER}, HF %{MULTIPART_HEADER_FOLDING}, LF %{MULTIPART_LF_LINE}, SM %{MULTIPART_SEMICOLON_MISSING}, IQ %{MULTIPART_INVALID_QUOTING}, IH %{MULTIPART_INVALID_HEADER_FOLDING}, FLE %{MULTIPART_FILE_LIMIT_EXCEEDED}
2017-03-21 00:30:27.017 ERROR [ModSecurity] failed to parse a modsec variable. while parsing: Multipart request body failed strict validation: PE %{REQBODY_PROCESSOR_ERROR}, BQ %{MULTIPART_BOUNDARY_QUOTED}, BW %{MULTIPART_BOUNDARY_WHITESPACE}, DB %{MULTIPART_DATA_BEFORE}, DA %{MULTIPART_DATA_AFTER}, HF %{MULTIPART_HEADER_FOLDING}, LF %{MULTIPART_LF_LINE}, SM %{MULTIPART_SEMICOLON_MISSING}, IQ %{MULTIPART_INVALID_QUOTING}, IH %{MULTIPART_INVALID_HEADER_FOLDING}, FLE %{MULTIPART_FILE_LIMIT_EXCEEDED}
2017-03-21 00:30:27.017 ERROR [ModSecurity] failed to parse a modsec variable. while parsing: Multipart request body failed strict validation: PE %{REQBODY_PROCESSOR_ERROR}, BQ %{MULTIPART_BOUNDARY_QUOTED}, BW %{MULTIPART_BOUNDARY_WHITESPACE}, DB %{MULTIPART_DATA_BEFORE}, DA %{MULTIPART_DATA_AFTER}, HF %{MULTIPART_HEADER_FOLDING}, LF %{MULTIPART_LF_LINE}, SM %{MULTIPART_SEMICOLON_MISSING}, IQ %{MULTIPART_INVALID_QUOTING}, IH %{MULTIPART_INVALID_HEADER_FOLDING}, FLE %{MULTIPART_FILE_LIMIT_EXCEEDED}
2017-03-21 00:30:27.017 ERROR [ModSecurity] MULTIPART_STRICT_ERROR "!@eq 0" "msg:'Multipart request body failed strict validation: PE %{REQBODY_PROCESSOR_ERROR}, BQ %{MULTIPART_BOUNDARY_QUOTED}, BW %{MULTIPART_BOUNDARY_WHITESPACE}, DB %{MULTIPART_DATA_BEFORE}, DA %{MULTIPART_DATA_AFTER}, HF %{MULTIPART_HEADER_FOLDING}, LF %{MULTIPART_LF_LINE}, SM %{MULTIPART_SEMICOLON_MISSING}, IQ %{MULTIPART_INVALID_QUOTING}, IH %{MULTIPART_INVALID_HEADER_FOLDING}, FLE %{MULTIPART_FILE_LIMIT_EXCEEDED}', severity:'CRITICAL', id:'960914', ver:'OWASP_CRS/3.0.0', rev:'1', maturity:'8', accuracy:'7', phase:request, block, t:none, tag:'application-multi', tag:'language-multi', tag:'platform-multi', tag:'attack-protocol', tag:'OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ', tag:'CAPEC-272', setvar:'tx.msg=%{rule.msg}', setvar:tx.anomaly_score=+%{tx.critical_anomaly_score}, setvar:'tx.%{rule.id}-OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ-%{matched_var_name}=%{matched_var}'": Rule not supported.
2017-03-21 00:30:27.017 ERROR [ModSecurity] unknown server variable while parsing: MULTIPART_UNMATCHED_BOUNDARY
2017-03-21 00:30:27.017 ERROR [ModSecurity] MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" "msg:'Multipart parser detected a possible unmatched boundary.', severity:'CRITICAL', id:'960915', ver:'OWASP_CRS/3.0.0', rev:'1', maturity:'8', accuracy:'8', phase:request, block, t:none, tag:'application-multi', tag:'language-multi', tag:'platform-multi', tag:'attack-protocol', tag:'OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ', tag:'CAPEC-272', setvar:'tx.msg=%{rule.msg}', setvar:tx.anomaly_score=+%{tx.critical_anomaly_score}, setvar:'tx.%{rule.id}-OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ-%{matched_var_name}=%{matched_var}'": Rule not supported.
2017-03-21 00:30:27.017 ERROR [ModSecurity] unknown server variable while parsing: ARGS_COMBINED_SIZE
2017-03-21 00:30:27.017 ERROR [ModSecurity] ARGS_COMBINED_SIZE "@gt %{tx.total_arg_length}" "t:none, setvar:'tx.msg=%{rule.msg}', setvar:tx.anomaly_score=+%{tx.notice_anomaly_score}, setvar:tx.%{rule.id}-OWASP_CRS/POLICY/SIZE_LIMIT-%{matched_var_name}=%{matched_var}": Rule not supported.
2017-03-21 00:30:27.017 ERROR [ModSecurity] unknown server variable while parsing: FILES_COMBINED_SIZE
2017-03-21 00:30:27.017 ERROR [ModSecurity] FILES_COMBINED_SIZE "@gt %{tx.combined_file_sizes}" "t:none, setvar:'tx.msg=%{rule.msg}', setvar:tx.anomaly_score=+%{tx.notice_anomaly_score}, setvar:tx.%{rule.id}-OWASP_CRS/POLICY/SIZE_LIMIT-%{matched_var_name}=%{matched_var}": Rule not supported.
and we can't figure out what's causing it or why it's tripping Litespeed at all.
Any ideas?