Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
litespeed_wiki:config:mod_security-compatibility [2015/10/26 20:10] Michael Alegre Removed Tips and Tricks section/link as it is now archived. |
litespeed_wiki:config:mod_security-compatibility [2017/07/25 13:32] (current) Eric Leu [Supported Features List (Not Comprehensive)] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== mod_security compatibility ====== | + | ====== mod_security Compatibility ====== |
- | lsws try to be compatible with latest mod_security 2.5(and above) + latest gotroot rules. lsws support most of them, and don't want to miss any really important features/rules in real world and keeps updating based on our users' feedback. However since the complexity and the always updating security rules, it's not possible to be 100% compatible with apache in any time. This wiki will address the most current compatibility status. | + | |
- | === Not Yet Support Features === | + | We try to keep LSWS compatible with the latest mod_security 2.5(and above) and gotroot rules. LSWS supports most of these rules and attempts not to miss any really important features/rules used in the real world. We also keep updating support based on our user feedback. |
- | * scan response header/body.(Note: request header/body are supported) | + | |
- | * scan attached files content in multi-part upload | + | However, because of the complexity and always updating nature of these security rules, it is not possible to be 100% compatible with Apache at any one time. This wiki will address the most current compatibility status. |
- | * PDF functions | + | |
- | * lua | + | ===== Supported Features List (Not Comprehensive)===== |
- | * parsing XML | + | * **@rbl** - real time block list. (since 5.1) |
- | === Reasons/Concerns not support them === | + | * **@fileinspect** - scan attached files. (since 5.1) |
- | * the feature is less used | + | * Scan request header/body. |
- | * the feature may slow down litespeed considerably due to the single-thread event driven architecture | + | * Scan response header. |
- | * the rules for static files are skipped as it would unlikely cause any real security issue. | + | * Audit logging |
+ | * LSWS currently only supports the serial mode for audit logging. Since LiteSpeed is event driven, not like Apache that can have multiple processes and could change UID. | ||
+ | |||
+ | ===== Not Yet Support Features ===== | ||
+ | * Scan response body. | ||
+ | * PDF functions. | ||
+ | * lua. | ||
+ | * Parsing XML. | ||
+ | |||
+ | ===== Not Yet Support syntax ===== | ||
+ | * SecRemoteRules | ||
+ | ===== Reasons/Concerns not support them ===== | ||
+ | * The feature is not often used. | ||
+ | * The feature may slow down LiteSpeed considerably due to our single-thread event driven architecture. | ||
+ | * Requests to static files bypass mod_security scanning as they are unlikely to cause any real security issues. |