Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision Next revision Both sides next revision | ||
litespeed_wiki:config:mod_security_faq [2018/05/10 18:57] Jackson Zhang created |
litespeed_wiki:config:mod_security_faq [2018/10/08 20:27] Jackson Zhang [Does LSWS Support the "Concurrent" Type of Audit Log?] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Mod Security FAQ for LSWS ====== | + | ====== Mod Security FAQ for LiteSpeed Web Server ====== |
- | ===== Does LSWS support "concurrent" type of Audit log? ===== | + | ===== Does LSWS Support the "Concurrent" Type of Audit Log? ===== |
- | No. LSWS currently only supports the serial mode for audit logging. Since LiteSpeed is event-driven, not like Apache, which that can have multiple processes and could change UID. | + | No. LiteSpeed Web Server only supports the **serial** mode for audit logging. |
+ | |||
+ | A concurrent-mode audit log is only useful for servers like Apache which is process-driven and has multiple processes that may change UID. LiteSpeed is event-driven, and as such, concurrent mode is not needed. | ||
+ | |||
+ | ===== Unsupported Variable error ==== | ||
+ | Sometime you may see some error like the following: | ||
+ | |||
+ | 2018-10-08 15:51:43.075081 ERROR [ModSecurity] FILES:import_file "@rx <": Rule not supported. | ||
+ | 2018-10-08 15:51:43.077152 ERROR [ModSecurity] failed to parse a modsec variable. while parsing: %{TIME_EPOCH} | ||
+ | 2018-10-08 15:51:43.077934 ERROR [ModSecurity] unknown server variable while parsing: FILES:import_file | ||
+ | 2018-10-08 15:51:43.077942 ERROR [ModSecurity] FILES:import_file "@contains <": Rule not supported. | ||
+ | 2018-10-08 15:51:43.081368 ERROR [ModSecurity] unknown server variable while parsing: MATCHED_VARS_NAMES | ||
+ | 2018-10-08 15:51:43.081385 ERROR [ModSecurity] MATCHED_VARS_NAMES "@rx ^ARGS:AGENDA_EXT_(?:NAME|SRC|COLOR)__[\d]{1}$" "t:none": Rule not supported. | ||
+ | 2018-10-08 15:51:43.104981 ERROR [ModSecurity] unknown server variable while parsing: FILES:file | ||
+ | 2018-10-08 15:51:43.105000 ERROR [ModSecurity] FILES:file "@contains <" "t:none,t:urlDecodeUni,t:htmlEntityDecode": Rule not supported. | ||
+ | 2018-10-08 15:51:43.110779 ERROR [ModSecurity] failed to parse a modsec variable. while parsing: %{REQUEST_COOKIES.pwg_id} | ||
+ | 2018-10-08 15:51:43.110937 ERROR [ModSecurity] failed to parse a modsec variable. while parsing: %{REQUEST_COOKIES.pwg_id} | ||
+ | |||
+ | We try to keep LSWS compatible with the latest mod_security 2.5(and above) and gotroot rules. LSWS supports most of these rules and attempts not to miss any really important features/rules used in the real world. We also keep updating support based on our user feedback. However, because of the complexity and always updating nature of these security rules, it is not possible to be 100% compatible with Apache at any one time. | ||
+ | |||
+ | The above error messages simply mean these variables are not supported by LSWS yet. They can be simply ignored. | ||
+ | We will periodically review our mod_security engine and add new support to it. Stay tuned. |