mod_security & ModSecurity Core Rule Set

Discussion in 'Install/Configuration' started by anything, Aug 8, 2011.

  1. anything

    anything Well-Known Member

    I was investigating using some of the OWASP rules for mod_security but I've found that almost none of them are useable with litespeed.
    They appear to almost exclusively use SecRule TX:var style rules to create scores, and allow/deny based on the score. Which litespeed does not appear to support.
    eg:
    Code:
    unknown server variable while parsing: TX:REAL_IP
    Any plans to begin supporting the features required for at least the base rules of the "ModSecurity Core Rule Set"?

    I also found that the following rule (which is part of the core rule set) causes litespeed to crash and auto-restart for every request.
    Code:
    SecRule REQUEST_HEADERS:User-Agent "^(.*)$" "phase:1,id:'981217',t:none,pass,nolog,t:sha1,t:hexEncode,setvar:tx.ua_hash=%{matched_var}"
    I'm testing on ent4.1.3.

    Also, please add some documentation to inform people that the request filter config in litespeed's control panel is for native sites only.
     
  2. QuantumNet

    QuantumNet Well-Known Member

    still doesnt work on the latest litespeed ... really thinking about switching to apache 2.4
     

Share This Page