Mod_security / Mod_rewrite rule not working after LSWS switch

Discussion in 'General' started by Tronyx, Apr 4, 2009.

  1. Tronyx

    Tronyx Member

    Greetings all!

    We recently switched from Apache to LSWS on one of our cPanel servers and we are having a problem with a rule for mod_rewrite/mod_security that is not being used properly after the switch.

    The mod_rewrite rule is designed to block bad user-agents from accessing one part of the site and as noted, it worked prior to the switch to LSWS. The .htaccess file is located in /home/userdir/public_html/repo/.htaccess. The Mod_rewrite rule we were using is below:

    <IfModule mod_rewrite.c>
    RewriteEngine on
    #RewriteBase /
    #Block access based upon User-Agent name
    SetEnvIfNoCase User-Agent "^InstallerApp(.*)" blocked_apps=1

    Order Allow,Deny
    Allow from all
    Deny from env=blocked_apps
    </IfModule>

    As noted, this was not working after we upgraded to LiteSpeed but the other rules in this .htaccess file still work fine.

    Since this didn't work, we put the above rewrite rule directly into httpd.conf and that too failed to work.

    The next approach was to block the useragent with Mod_security in the .htaccess file with the below rule:

    <IfModule mod_security2.c>
    # Basic configuration options
    SecRuleEngine On
    SecRequestBodyAccess On
    SecResponseBodyAccess Off

    SecUploadKeepFiles Off

    # Debug log
    #SecDebugLog /var/log/apache2/modsec_debug.log
    #SecDebugLogLevel 0
    SecRule REQUEST_HEADERS:User-Agent "InstallerApp(.*)" "log,drop"
    </IfModule>

    We have also tried using the full user-agent which is shown as "InstallerApp/1.0.1 (Mac/2.2, like CFNetwork/220.0)"

    Any help on getting this to work properly would be greatly appreciated. Thanks in advance for reading all of this!
  2. mistwang

    mistwang LiteSpeed Staff

    LiteSpeed does not support SetEnvIf... and Deny from env=..., you should switch to a pure rewrite rule based solution. It should be more efficient because there is no need to set the "env=blocked_apps".
  3. Tronyx

    Tronyx Member

    Hi Mistwang and thank you for the prompt response. I see now why the mod_rewrite rule wasn't working and we can work around that based on the information but out of curiosity, any idea why the mod_security rule wouldn't work?

  4. mistwang

    mistwang LiteSpeed Staff

    For the mod_security rule, are you using 4.0 enterprise? Have you tried the rule from httpd.conf instead of .htaccess?
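
The pure rewrite-rule approach suggested in reply 2, written out as an added example (not code from the thread or from LiteSpeed). It assumes the same .htaccess location and User-Agent prefix as the original post and uses standard mod_rewrite syntax.

```apache
# Added example: rewrite-only replacement for the
# SetEnvIfNoCase / "Deny from env=blocked_apps" block.
# Assumed location: /home/userdir/public_html/repo/.htaccess
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Match any User-Agent that starts with "InstallerApp".
    # [NC] makes the match case-insensitive, mirroring
    # SetEnvIfNoCase User-Agent "^InstallerApp(.*)"
    RewriteCond %{HTTP_USER_AGENT} ^InstallerApp [NC]

    # "-" leaves the URL untouched; [F] answers 403 Forbidden,
    # so no environment variable is needed.
    RewriteRule ^ - [F]
</IfModule>
```

The User-Agent header is supplied by the client, so this rule only filters clients that identify themselves with that string.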

