Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
litespeed_wiki:config:mod_security-compatibility [2015/08/03 19:01] Michael Alegre |
litespeed_wiki:config:mod_security-compatibility [2017/07/25 13:32] (current) Eric Leu [Supported Features List (Not Comprehensive)] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== mod_security compatibility ====== | + | ====== mod_security Compatibility ====== |
- | lsws try to be compatible with latest mod_security 2.5(and above) + latest gotroot rules. lsws support most of them, and don't want to miss any really important features/rules in real world and keeps updating based on our users' feedback. However since the complexity and the always updating security rules, it's not possible to be 100% compatible with apache in any time. This wiki will address the most current compatibility status. | + | |
- | === Not Yet Support Features === | + | |
- | * scan response header/body.(Note: request header/body are supported) | + | |
- | * scan attached files content in multi-part upload | + | |
- | * PDF functions | + | |
- | * lua | + | |
- | * parsing XML | + | |
- | === Reasons/Concerns not support them === | + | |
- | * the feature is less used | + | |
- | * the feature may slow down litespeed considerably due to the single-thread event driven architecture | + | |
- | * the rules for static files are skipped as it would unlikely cause any real security issue. | + | |
- | === Tips and Tricks === | + | We try to keep LSWS compatible with the latest mod_security 2.5(and above) and gotroot rules. LSWS supports most of these rules and attempts not to miss any really important features/rules used in the real world. We also keep updating support based on our user feedback. |
- | * [[litespeed_wiki:config:mod_security-tips]] | + | |
+ | However, because of the complexity and always updating nature of these security rules, it is not possible to be 100% compatible with Apache at any one time. This wiki will address the most current compatibility status. | ||
+ | |||
+ | ===== Supported Features List (Not Comprehensive)===== | ||
+ | * **@rbl** - real time block list. (since 5.1) | ||
+ | * **@fileinspect** - scan attached files. (since 5.1) | ||
+ | * Scan request header/body. | ||
+ | * Scan response header. | ||
+ | * Audit logging | ||
+ | * LSWS currently only supports the serial mode for audit logging. Since LiteSpeed is event driven, not like Apache that can have multiple processes and could change UID. | ||
+ | |||
+ | ===== Not Yet Support Features ===== | ||
+ | * Scan response body. | ||
+ | * PDF functions. | ||
+ | * lua. | ||
+ | * Parsing XML. | ||
+ | |||
+ | ===== Not Yet Support syntax ===== | ||
+ | * SecRemoteRules | ||
+ | ===== Reasons/Concerns not support them ===== | ||
+ | * The feature is not often used. | ||
+ | * The feature may slow down LiteSpeed considerably due to our single-thread event driven architecture. | ||
+ | * Requests to static files bypass mod_security scanning as they are unlikely to cause any real security issues. |