RFE: Enable RBL support for ModSecurity

innovot

Well-Known Member
#1
We very much wish to see the inclusion of @rbl support for ModSecurity so that we are able to fully leverage the Atomicorp RBL subscription feed we have purchased. We also build our own RBL data source that has been generated from a number of ingress points on our network that we would really like to use as-well.
 

mistwang

LiteSpeed Staff
#2
We will add that after implementing the @inspectFile.
Both operators require interruption of execution flow of ModSecurity rules, which is very hard to implement for a event-driven non-blocking server.
 

mistwang

LiteSpeed Staff
#4
We have added @inspectFile and @rbl in our upcoming Load balancer's mod_security implementation.
It will be back port to LSWS enterprise soon, may have it in 5.0.6 release.
 

innovot

Well-Known Member
#6
Hello mistwang, do you think this will be available in 5.0.6 as our LS instance is being hammered with rogue WP admin access, yet when running under Apache the RBL functionality was blocking it all.
 

wanah

Well-Known Member
#8
Hello, this sounds like a huge step forward in litespeed's mod security implementation. I presume it wasn't included in 5.07. Do you have a new ETA ?
 

mistwang

LiteSpeed Staff
#9
5.1RC1 has been released. @rbl and @inspectFile support has been added.
Have been testing @rbl in production for a few days to find forum spam. looks like it is working well.
Due to the big internal changes, we release it as release candidate, user need to be careful with rolling out. It is better to do it in smaller scale or test it in dedicate development environment first.

We will fix any bug promptly with enough debugging information.
 

innovot

Well-Known Member
#10
Appeared to be working okay but then LSWS stopped serving requests. Have downgraded to 5.07 for the time being. How best could we help to debug ?
 

mistwang

LiteSpeed Staff
#11
The best way is to let us login to the server with temp root access to figure out what happened.
If you prefer not to giving temp root access, you can turn on full debug logging, then send us the error log.
 
Top