LSWS 4.2.3 VS mod_security

Discussion in 'Bug Reports' started by DraCoola, Jun 4, 2013.

  1. DraCoola

    DraCoola Well-Known Member

    I've found that :
    Code:
    <LocationMatch .*>
            SecRuleRemoveById xxxxxx
    </LocationMatch>
    won't work with 4.2.3 :confused:
    please fix this.
     
  2. NiteWave

    NiteWave Administrator

  3. DraCoola

    DraCoola Well-Known Member

    hi NiteWave, thanks for your response.
    LocationMatch are placed on :

    /usr/local/apache/conf/userdata/std/2/username/

    and

    /usr/local/apache/conf/

    those works fine on 4.2.2, so I revert back to 4.2.2 to solve this.
     
  4. NiteWave

    NiteWave Administrator

    will notify the development.

    since it's <LocationMatch .*>, how about just remove it and will it work under 4.2.3 ?
     
  5. DraCoola

    DraCoola Well-Known Member

    i am sorry, NiteWave, but that can't be done.
    some websites need to exclude some of specific atomic modsec rules to get their site working.
    because that was not just .* but either to website path for an example :

    Code:
    <LocationMatch "/adminpanel/sidebar_option.php">
    	SecRuleRemoveById 34xxx
    	SecRuleRemoveById 34xxx
    	SecRuleRemoveById 34xxx
    </LocationMatch>
    so i'd better waiting for your next 4.2.3 latest build update.
     
  6. mistwang

    mistwang LiteSpeed Staff

    new build of 4.2.3 has been uploaded. Please give it a try.
     
  7. TheBigK

    TheBigK New Member

    How do I get the new version? No notification in WHM. Getting the same error and it's really frustrating!
     
  8. webizen

    webizen Well-Known Member

    no notification for new build of the same version. just do force install either from admin console or command line.
     
  9. Karl

    Karl Active Member

    mod_security in 4.2.3 is completely broken based on our testing. You need to go back to 4.2.1 to get it working correctly.
     

Share This Page