Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Last revision Both sides next revision
litespeed_wiki:config:understanding_500 [2019/05/10 19:18]
Jackson Zhang
litespeed_wiki:config:understanding_500 [2019/10/15 13:45]
Jackson Zhang
Line 270: Line 270:
 ===== OWASP ModSecurity rule set may trigger 500 when using Imunify360 together ===== ===== OWASP ModSecurity rule set may trigger 500 when using Imunify360 together =====
 OWASP rule set may conflict with Imunify360 default rule set on a server running LiteSpeed Web Server. Please choose only one mod_security rule set.  OWASP rule set may conflict with Imunify360 default rule set on a server running LiteSpeed Web Server. Please choose only one mod_security rule set. 
 +
 +For OWASP rulesets, in crs-setup.conf:​
 +  SecAction "​id:​900990,​ phase:1, nolog, pass, t:none, setvar:​tx.crs_setup_version=302"​
 +  ​
 +in /​etc/​apache2/​conf.d/​modsec_vendor_configs/​OWASP3/​rules/​REQUEST-901-INITIALIZATION.conf
 +  SecRule &​TX:​crs_setup_version "@eq 0" "​id:​901001,​ phase:1, auditlog, log, deny, status:500, severity:​CRITICAL,​ msg:'​ModSecurity Core Rule Set is deployed without configuration! Please copy the crs-setup.conf.example template to crs-setup.conf,​ and include the crs-setup.conf file in your webserver configuration before including the CRS rules. See the INSTALL file in the CRS directory for detailed instructions.'"​
 +
 +crs-setup.conf has to be loaded first then the rest of rules including REQUEST-901-INITIALIZATION.conf.
 +
 +Imunify360 could break the loading order of the above rule set and lead to "​500"​ errors.
 +  ​
 +
  • Admin
  • Last modified: 2019/10/16 12:31
  • by Jackson Zhang