mod_security ASL issues - 403 error.

Discussion in 'Bug Reports' started by VortMax, May 24, 2009.

  1. VortMax

    VortMax Well-Known Member

    We have a new server up and running with Cent OS 5.2 and we are running ASL for security and our server keeps serving up 403 errors (and the end user see's the apache default web page) when people are inputting data on php input fields. Most of the errors show as XSS injection threats (which they are not).

    If I disable litespeed and go back to apache the problems stop. I have also disabled several rules from mod_security and it helps sometimes. But we REALLY need to have this security in place on our server.

    One another annoying issue is when bringing up hordemail it just gives us a blank page unless of course I turn off litespeed and enable apache. :(

    Has any one figured out a way to deal with these mod_security issues with litespeed?

    Litespeed tech was helping me with this problem but I think that there solution was to just disable the offending rules which just concerns me at this time.

    Thank you
    Last edited: May 24, 2009
  2. VortMax

    VortMax Well-Known Member

    No one has any ideas on this one? Everyone else using some form of mod_security is NOT having this problem?
  3. mistwang

    mistwang LiteSpeed Staff

    Have you tried the latest release? 4.0.3 or 4.0.4 .
  4. VortMax

    VortMax Well-Known Member

    Running 4.0.3...I think you guys actually created it while working on this exact problem. :( 4.0.4 is not showing up as a downloadable version.
  5. mistwang

    mistwang LiteSpeed Staff

    Just change the version number in the download link to get it.
    If the rewrite rule still bother you, please check the audit log and send us the corresponding security rules, or the whole security rule file.
  6. VortMax

    VortMax Well-Known Member

    Since the 4.0.4 update was posted I can confirm that I no longer have issues with horde giving me a blank login screen from Plesk. I am waiting to here from our members if this released corrected the other mod_security issues when using ASL.

    Thank you and I will keep you posted.
  7. VortMax

    VortMax Well-Known Member

    Unfortunately even with 4.0.4 we are still experiencing quite a few apache default page problems with litespeed activated with ASL.

    I was using a forum editor package today and it wouldn't even allow me to save the code to the database. It kept giving me the default apache page once I hit save.

    There has got to be something you can do about this. Once again, if I turn off litespeed and go back to apache all of these default page problems disappear. :( Of course this is really not an option nor is disabling our security software.

    Any other ideas from anyone or the staff here would be greatly appreciated.
  8. mistwang

    mistwang LiteSpeed Staff

    Can you please provide the log entry that block a valid request in your mod_security audit log file along with your security rules?
    You can send those information to bug@litespeed...
  9. VortMax

    VortMax Well-Known Member

    Sent that stuff over today.
  10. VortMax

    VortMax Well-Known Member

    Can anything be done about this? New versions have done nothing to curb this problem.

    mod_security rules continue to cause issues with an apache default page to be displayed.

    We have dealt with this for over three months now with no resolution at all. Can you please help us?
  11. Aninnaskiny

    Aninnaskiny New Member

    mod_security ASL issues 403 error

    I dont think so. When I Identify them, they are numbered 1 to 2 from left to right. Is there some other way to confirm?

Share This Page