[solved] Request filters?

[Daniel]

I'm offering shared hosting on centos5 server with cpanel and litespeed (multicpu license)

I want to block out a large list of user-agents through litespeed's filtering rules but for some reason I cant get them to work.

For example, blocking empty user agent I got this rule in request filters:

action: deny,log,status:403
rules definitions: SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

I tried another one, blocking by request url

action: deny,log,status:403
rules definitions: SecFilterSelective THE_REQUEST "/phpBB/" status:403

It didn't work either, nor any of the combinations of those.

How can I get this to work OTHER than htaccess.
Once again, I am selling shared hosting and I want this forcefully enabled for all clients. I know why I want it, I just don't know HOW to do it.

 

[mistwang]

Put it in httpd.conf, or modsec2.conf modsec2.user.conf, just like your other modsec rules.

 

[Daniel]

Got it to work.

placed this at the end of my file httpd.conf

SecFilterEngine On
SecFilterDefaultAction "deny,log,status:403"
SecFilterSelective THE_REQUEST "/dftig/" status:403

Appearently I had to turn it ON.


I am curious though, why is it needed to mod httpd.conf instead of just entering it directly through admin panel. Is it possible to make it work there instead? It's much more convenient.

 

[NiteWave]

if vhost is defined in http.conf, mod_security rules from http.conf works;
if vhost is defined in admin console(native vhost), rules defined in admin console(requests filter) works.