Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
litespeed_wiki:config:mod_security_faq [2018/05/15 14:34]
Lisa Clarke Proofreading
litespeed_wiki:config:mod_security_faq [2018/10/08 20:55] (current)
Lisa Clarke [Unsupported Variable error] Proofreading
Line 6: Line 6:
 A concurrent-mode audit log is only useful for servers like Apache which is process-driven and has multiple processes that may change UID. LiteSpeed is event-driven,​ and as such, concurrent mode is not needed. A concurrent-mode audit log is only useful for servers like Apache which is process-driven and has multiple processes that may change UID. LiteSpeed is event-driven,​ and as such, concurrent mode is not needed.
  
 +===== Unsupported Variable Error ====
 +Sometimes you may see some errors like the following:
 +
 +  2018-10-08 15:​51:​43.075081 ​ ERROR   ​[ModSecurity] FILES:​import_file "@rx <": Rule not supported.
 +  2018-10-08 15:​51:​43.077152 ​ ERROR   ​[ModSecurity] failed to parse a modsec variable. while parsing: %{TIME_EPOCH}
 +  2018-10-08 15:​51:​43.077934 ​ ERROR   ​[ModSecurity] unknown server variable while parsing: FILES:​import_file
 +  2018-10-08 15:​51:​43.077942 ​ ERROR   ​[ModSecurity] FILES:​import_file "​@contains <": Rule not supported.
 +  2018-10-08 15:​51:​43.081368 ​ ERROR   ​[ModSecurity] unknown server variable while parsing: MATCHED_VARS_NAMES
 +  2018-10-08 15:​51:​43.081385 ​ ERROR   ​[ModSecurity] MATCHED_VARS_NAMES "@rx ^ARGS:​AGENDA_EXT_(?:​NAME|SRC|COLOR)__[\d]{1}$"​ "​t:​none":​ Rule not supported.
 +  2018-10-08 15:​51:​43.104981 ​ ERROR   ​[ModSecurity] unknown server variable while parsing: FILES:file
 +  2018-10-08 15:​51:​43.105000 ​ ERROR   ​[ModSecurity] FILES:file "​@contains <" "​t:​none,​t:​urlDecodeUni,​t:​htmlEntityDecode":​ Rule not supported.
 +  2018-10-08 15:​51:​43.110779 ​ ERROR   ​[ModSecurity] failed to parse a modsec variable. while parsing: %{REQUEST_COOKIES.pwg_id}
 +  2018-10-08 15:​51:​43.110937 ​ ERROR   ​[ModSecurity] failed to parse a modsec variable. while parsing: %{REQUEST_COOKIES.pwg_id}
 +
 +or
 +  2018-09-26 16:​57:​36.700054 [INFO] Processing config file: 
 +  /​etc/​apache2/​conf.d/​modsec_vendor_configs/​imunify360_full_litespeed/​001_i360_1_generic.conf
 +  2018-09-26 16:​57:​36.700631 [ERROR] [ModSecurity] unknown server variable while parsing: FILES_COMBINED_SIZE
 +  2018-09-26 16:​57:​36.700669 [ERROR] [ModSecurity] FILES_COMBINED_SIZE "@gt %{tx.combined_file_sizes}"​ "​t:​none":​ Rule not supported.
 +  2018-09-26 16:​57:​36.703233 [ERROR] [ModSecurity] unknown server variable while parsing: MATCHED_VARS_NAMES
 +  2018-09-26 16:​57:​36.703266 [ERROR] [ModSecurity] MATCHED_VARS_NAMES "​TX:​paramcounter_(.*)"​ "​capture":​ Rule not supported.
 +  2018-09-26 16:​57:​36.706773 [ERROR] [ModSecurity] unknown server variable while parsing: ARGS_COMBINED_SIZE
 +  2018-09-26 16:​57:​36.706802 [ERROR] [ModSecurity] ARGS_COMBINED_SIZE "@gt %{tx.total_arg_length}"​ "​t:​none":​ Rule not supported.
 +  2018-09-26 16:​57:​36.707414 [ERROR] [ModSecurity] unknown server variable while parsing: REQBODY_ERROR
 +  2018-09-26 16:​57:​36.707456 [ERROR] [ModSecurity] REQBODY_ERROR "!@eq 0" "​msg:'​Failed to parse request body.||MVN:​%{MATCHED_VAR_NAME}||T:​LITESPEED||MV:​%{MATCHED_VAR}||PC:​%{PERF_COMBINED}',​tag:'​i360',​id:​88139653,​rev:'​1',​maturity:'​9',​accuracy:'​9',​phase:​request,​pass,​t:​none,​tag:'​noshow',​severity:​7,​tag:'​o'":​ Rule not supported.
 +  2018-09-26 16:​57:​36.708774 [INFO] Processing config file: 
 +  /​etc/​apache2/​conf.d/​modsec_vendor_configs/​imunify360_full_litespeed/​002_i360_2_bruteforce.conf
 +  2018-09-26 16:​57:​36.709169 [INFO] Processing config file: 
 +  /​etc/​apache2/​conf.d/​modsec_vendor_configs/​imunify360_full_litespeed/​003_i360_3_wallarm.conf
 +  2018-09-26 16:​57:​36.709222 [INFO] Processing config file: 
 +  /​etc/​apache2/​conf.d/​modsec_vendor_configs/​imunify360_full_litespeed/​004_i360_4_webshells.conf
 +  2018-09-26 16:​57:​36.907572 [INFO] Processing config file: 
 +  /​etc/​apache2/​conf.d/​modsec_vendor_configs/​imunify360_full_litespeed/​005_i360_5_custom.conf
 +  2018-09-26 16:​57:​36.908424 [INFO] Processing config file: 
 +  /​etc/​apache2/​conf.d/​modsec_vendor_configs/​imunify360_full_litespeed/​100_Init_Initialization.conf
 +
 +We try to keep LSWS compatible with the latest mod_security 2.5(and above) and gotroot rules. LSWS supports most of these rules. We attempt not to miss any really important features/​rules used in the real world, and we regularly add support for more features based on our user feedback. ​ However, because of the complexity and fluctuating nature of these security rules, it is not possible to be 100% compatible with Apache at any one time. 
 +
 +The above error messages simply mean the given variables are not supported by LSWS yet. The errors can simply be ignored. We periodically review our mod_security engine and frequently add new support. Stay tuned.  ​
 
litespeed_wiki/config/mod_security_faq.1526394848.txt.gz · Last modified: 2018/05/15 14:34 by Lisa Clarke