mod_sec SCRIPT_BASENAME not working?

Discussion in 'General' started by optize, Mar 8, 2012.

  1. optize

    optize Well-Known Member

    I have a simple mod_sec rule to block spam.html:

    SecRule SCRIPT_BASENAME "spam\.html" "t:none,deny"

    This works fine in Apache, however it doesn't trigger on Litespeed.

    Is this a known issue?
  2. webizen

    webizen Well-Known Member

    litespeed skips modsec rules for static file like *.html as it would not cause any real issue. so it is by design not an overlook or bug.
  3. optize

    optize Well-Known Member

    Is there a way to turn it on? I need mod_sec to work on all file types.
  4. webizen

    webizen Well-Known Member

    use workaround like followings:


Share This Page