mod_security ASL issues - 403 error.

VortMax

Well-Known Member
#1
Hello,
We have a new server up and running with Cent OS 5.2 and we are running ASL for security and our server keeps serving up 403 errors (and the end user see's the apache default web page) when people are inputting data on php input fields. Most of the errors show as XSS injection threats (which they are not).

If I disable litespeed and go back to apache the problems stop. I have also disabled several rules from mod_security and it helps sometimes. But we REALLY need to have this security in place on our server.

One another annoying issue is when bringing up hordemail it just gives us a blank page unless of course I turn off litespeed and enable apache. :(

Has any one figured out a way to deal with these mod_security issues with litespeed?

Litespeed tech was helping me with this problem but I think that there solution was to just disable the offending rules which just concerns me at this time.

Thank you
 
Last edited:

mistwang

LiteSpeed Staff
#5
Just change the version number in the download link to get it.
If the rewrite rule still bother you, please check the audit log and send us the corresponding security rules, or the whole security rule file.
 

VortMax

Well-Known Member
#6
Since the 4.0.4 update was posted I can confirm that I no longer have issues with horde giving me a blank login screen from Plesk. I am waiting to here from our members if this released corrected the other mod_security issues when using ASL.

Thank you and I will keep you posted.
 

VortMax

Well-Known Member
#7
Unfortunately even with 4.0.4 we are still experiencing quite a few apache default page problems with litespeed activated with ASL.

I was using a forum editor package today and it wouldn't even allow me to save the code to the database. It kept giving me the default apache page once I hit save.

There has got to be something you can do about this. Once again, if I turn off litespeed and go back to apache all of these default page problems disappear. :( Of course this is really not an option nor is disabling our security software.

Any other ideas from anyone or the staff here would be greatly appreciated.
 

mistwang

LiteSpeed Staff
#8
Can you please provide the log entry that block a valid request in your mod_security audit log file along with your security rules?
You can send those information to bug@litespeed...
 

VortMax

Well-Known Member
#10
Can anything be done about this? New versions have done nothing to curb this problem.

mod_security rules continue to cause issues with an apache default page to be displayed.

We have dealt with this for over three months now with no resolution at all. Can you please help us?
 
Top