lsws 4.1.11 not support modsec rules?

Discussion in 'Bug Reports' started by DraCoola, Mar 16, 2012.

  1. DraCoola

    DraCoola Well-Known Member

    I just wondering about why there so many modsec rules suddenly lost it functions while using litespeed.
    I had test it with a very simple rule for an example :

    Code:
    SecRule REQUEST_URI "^/abc\.php$" "deny"
    As above rule expected, Apache bring 406 error page to http://domain.com/abc.php access.
    But unfortunatelly, litespeed will still give us totaly freedom to access http://domain.com/abc.php.

    Is there any special way to write that just "REQUEST_URI denial" modsec rule with litespeed?
     
    Last edited: Mar 16, 2012
  2. mistwang

    mistwang LiteSpeed Staff

    does abc.php file exists? and the file need to be processed as a script.
    LiteSpeed ignore mod_sec for static files.
     
  3. DraCoola

    DraCoola Well-Known Member

    yes abc.php is exist.
    the file is php file which have active script inside it.
     
  4. DraCoola

    DraCoola Well-Known Member

    Superb!
    Force update 4.1.11 will fixed this modsec compatibily.
    Thank you, George!
     

Share This Page