Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
litespeed_wiki:config:mod_security_faq [2018/10/08 20:34] Jackson Zhang [Unsupported Variable error] |
litespeed_wiki:config:mod_security_faq [2018/11/27 20:42] Jackson Zhang |
||
|---|---|---|---|
| Line 6: | Line 6: | ||
| A concurrent-mode audit log is only useful for servers like Apache which is process-driven and has multiple processes that may change UID. LiteSpeed is event-driven, and as such, concurrent mode is not needed. | A concurrent-mode audit log is only useful for servers like Apache which is process-driven and has multiple processes that may change UID. LiteSpeed is event-driven, and as such, concurrent mode is not needed. | ||
| - | ===== Unsupported Variable error ==== | + | ===== Unsupported Variable Error ==== |
| - | Sometime you may see some error like the following: | + | Sometimes you may see some errors like the following: |
| 2018-10-08 15:51:43.075081 ERROR [ModSecurity] FILES:import_file "@rx <": Rule not supported. | 2018-10-08 15:51:43.075081 ERROR [ModSecurity] FILES:import_file "@rx <": Rule not supported. | ||
| Line 42: | Line 42: | ||
| /etc/apache2/conf.d/modsec_vendor_configs/imunify360_full_litespeed/100_Init_Initialization.conf | /etc/apache2/conf.d/modsec_vendor_configs/imunify360_full_litespeed/100_Init_Initialization.conf | ||
| - | We try to keep LSWS compatible with the latest mod_security 2.5(and above) and gotroot rules. LSWS supports most of these rules and attempts not to miss any really important features/rules used in the real world. We also keep updating support based on our user feedback. However, because of the complexity and always updating nature of these security rules, it is not possible to be 100% compatible with Apache at any one time. | + | We try to keep LSWS compatible with the latest mod_security 2.5(and above) and gotroot rules. LSWS supports most of these rules. We attempt not to miss any really important features/rules used in the real world, and we regularly add support for more features based on our user feedback. However, because of the complexity and fluctuating nature of these security rules, it is not possible to be 100% compatible with Apache at any one time. |
| - | The above error messages simply mean these variables are not supported by LSWS yet. They can be simply ignored. | + | The above error messages simply mean the given variables are not supported by LSWS yet. The errors can simply be ignored. We periodically review our mod_security engine and frequently add new support. Stay tuned. |
| - | We will periodically review our mod_security engine and add new support to it. Stay tuned. | + | |
| + | ===== LSWS doesn't support "LocationMatch" directive ===== | ||
| + | When you use 'SecDebugLogLevel', 'SecAuditLogParts' or 'SecAuditLog' within "LocationMatch" directive, you may see the following error on LSWS: | ||
| + | Directive 'SecDebugLogLevel' is not allowed in current context. | ||
| + | Directive 'SecAuditLogParts' is not allowed in current context. | ||
| + | Directive 'SecAuditLog' is not allowed in current context. | ||
| + | |||
| + | LSWS doesn't support "LocationMatch" directive. Audit log is only set at server level, while debug log level can be set at vhost level. We have no plan to make it available at matching context level, which will be counterproductive to the optimization apply to the engine. | ||