Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
litespeed_wiki:config:mod_security_faq [2018/05/15 14:34]
Lisa Clarke Proofreading
litespeed_wiki:config:mod_security_faq [2018/11/27 21:22] (current)
Lisa Clarke [You should not place 'SecDebugLogLevel' inside "LocationMatch" context] Proofreading
Line 6: Line 6:
 A concurrent-mode audit log is only useful for servers like Apache which is process-driven and has multiple processes that may change UID. LiteSpeed is event-driven,​ and as such, concurrent mode is not needed. A concurrent-mode audit log is only useful for servers like Apache which is process-driven and has multiple processes that may change UID. LiteSpeed is event-driven,​ and as such, concurrent mode is not needed.
  
 +===== Unsupported Variable Error ====
 +Sometimes you may see some errors like the following:
 +
 +  2018-10-08 15:​51:​43.075081 ​ ERROR   ​[ModSecurity] FILES:​import_file "@rx <": Rule not supported.
 +  2018-10-08 15:​51:​43.077152 ​ ERROR   ​[ModSecurity] failed to parse a modsec variable. while parsing: %{TIME_EPOCH}
 +  2018-10-08 15:​51:​43.077934 ​ ERROR   ​[ModSecurity] unknown server variable while parsing: FILES:​import_file
 +  2018-10-08 15:​51:​43.077942 ​ ERROR   ​[ModSecurity] FILES:​import_file "​@contains <": Rule not supported.
 +  2018-10-08 15:​51:​43.081368 ​ ERROR   ​[ModSecurity] unknown server variable while parsing: MATCHED_VARS_NAMES
 +  2018-10-08 15:​51:​43.081385 ​ ERROR   ​[ModSecurity] MATCHED_VARS_NAMES "@rx ^ARGS:​AGENDA_EXT_(?:​NAME|SRC|COLOR)__[\d]{1}$"​ "​t:​none":​ Rule not supported.
 +  2018-10-08 15:​51:​43.104981 ​ ERROR   ​[ModSecurity] unknown server variable while parsing: FILES:file
 +  2018-10-08 15:​51:​43.105000 ​ ERROR   ​[ModSecurity] FILES:file "​@contains <" "​t:​none,​t:​urlDecodeUni,​t:​htmlEntityDecode":​ Rule not supported.
 +  2018-10-08 15:​51:​43.110779 ​ ERROR   ​[ModSecurity] failed to parse a modsec variable. while parsing: %{REQUEST_COOKIES.pwg_id}
 +  2018-10-08 15:​51:​43.110937 ​ ERROR   ​[ModSecurity] failed to parse a modsec variable. while parsing: %{REQUEST_COOKIES.pwg_id}
 +
 +or
 +  2018-09-26 16:​57:​36.700054 [INFO] Processing config file: 
 +  /​etc/​apache2/​conf.d/​modsec_vendor_configs/​imunify360_full_litespeed/​001_i360_1_generic.conf
 +  2018-09-26 16:​57:​36.700631 [ERROR] [ModSecurity] unknown server variable while parsing: FILES_COMBINED_SIZE
 +  2018-09-26 16:​57:​36.700669 [ERROR] [ModSecurity] FILES_COMBINED_SIZE "@gt %{tx.combined_file_sizes}"​ "​t:​none":​ Rule not supported.
 +  2018-09-26 16:​57:​36.703233 [ERROR] [ModSecurity] unknown server variable while parsing: MATCHED_VARS_NAMES
 +  2018-09-26 16:​57:​36.703266 [ERROR] [ModSecurity] MATCHED_VARS_NAMES "​TX:​paramcounter_(.*)"​ "​capture":​ Rule not supported.
 +  2018-09-26 16:​57:​36.706773 [ERROR] [ModSecurity] unknown server variable while parsing: ARGS_COMBINED_SIZE
 +  2018-09-26 16:​57:​36.706802 [ERROR] [ModSecurity] ARGS_COMBINED_SIZE "@gt %{tx.total_arg_length}"​ "​t:​none":​ Rule not supported.
 +  2018-09-26 16:​57:​36.707414 [ERROR] [ModSecurity] unknown server variable while parsing: REQBODY_ERROR
 +  2018-09-26 16:​57:​36.707456 [ERROR] [ModSecurity] REQBODY_ERROR "!@eq 0" "​msg:'​Failed to parse request body.||MVN:​%{MATCHED_VAR_NAME}||T:​LITESPEED||MV:​%{MATCHED_VAR}||PC:​%{PERF_COMBINED}',​tag:'​i360',​id:​88139653,​rev:'​1',​maturity:'​9',​accuracy:'​9',​phase:​request,​pass,​t:​none,​tag:'​noshow',​severity:​7,​tag:'​o'":​ Rule not supported.
 +  2018-09-26 16:​57:​36.708774 [INFO] Processing config file: 
 +  /​etc/​apache2/​conf.d/​modsec_vendor_configs/​imunify360_full_litespeed/​002_i360_2_bruteforce.conf
 +  2018-09-26 16:​57:​36.709169 [INFO] Processing config file: 
 +  /​etc/​apache2/​conf.d/​modsec_vendor_configs/​imunify360_full_litespeed/​003_i360_3_wallarm.conf
 +  2018-09-26 16:​57:​36.709222 [INFO] Processing config file: 
 +  /​etc/​apache2/​conf.d/​modsec_vendor_configs/​imunify360_full_litespeed/​004_i360_4_webshells.conf
 +  2018-09-26 16:​57:​36.907572 [INFO] Processing config file: 
 +  /​etc/​apache2/​conf.d/​modsec_vendor_configs/​imunify360_full_litespeed/​005_i360_5_custom.conf
 +  2018-09-26 16:​57:​36.908424 [INFO] Processing config file: 
 +  /​etc/​apache2/​conf.d/​modsec_vendor_configs/​imunify360_full_litespeed/​100_Init_Initialization.conf
 +
 +We try to keep LSWS compatible with the latest mod_security 2.5(and above) and gotroot rules. LSWS supports most of these rules. We attempt not to miss any really important features/​rules used in the real world, and we regularly add support for more features based on our user feedback. ​ However, because of the complexity and fluctuating nature of these security rules, it is not possible to be 100% compatible with Apache at any one time. 
 +
 +The above error messages simply mean the given variables are not supported by LSWS yet. The errors can simply be ignored. We periodically review our mod_security engine and frequently add new support. Stay tuned.  ​
 +
 +===== Does LSWS Support the "​LocationMatch"​ directive? =====
 +When you use ''​SecDebugLogLevel'',​ ''​SecAuditLogParts''​ or ''​SecAuditLog''​ within the ''​LocationMatch''​ directive, you may see the following errors on LSWS:
 +
 +  Directive '​SecDebugLogLevel'​ is not allowed in current context.
 +  Directive '​SecAuditLogParts'​ is not allowed in current context.
 +  Directive '​SecAuditLog'​ is not allowed in current context.
 +
 +LiteSpeed Web Server //does// support the ''​LocationMatch''​ context, however the above three directives may not be configured within it. On LSWS, audit log can only be set at the server level, and the debug log level can be set at vhost level. We have no plans to make these directives available at the matching context level, as it would be counterproductive to the optimization applied to the engine.
 
litespeed_wiki/config/mod_security_faq.1526394848.txt.gz · Last modified: 2018/05/15 14:34 by Lisa Clarke