Using ModSecurity with LiteSpeed Web ADC

You want to enable mod_security, but should you do so at the ADC level, or on the backend web servers?

Both LiteSpeed Web Server and LiteSpeed Web ADC support the WAF feature. However, we do not recommend enabling mod_security rules on the ADC, because doing so will dramatically slow down the distribution of data. Instead, you should let the backend LiteSpeed Web Servers handle the heavy load incurred by loading, checking, and filtering mod_security rules.

Let's say you followed our wiki instructions to enable Comodo mod_security rules on the ADC, but you are running into the following errors:

2019-01-21 15:56:07.542332 [ERROR] Invalid request filter directive: SecComponentSignature "CWAF_Litespeed"
2019-01-21 15:56:07.542355 [ERROR] Invalid request filter directive: SecResponseBodyAccess Off
2019-01-21 15:56:07.542362 [ERROR] Invalid request filter directive: SecDefaultAction "phase:2,deny,status:403,log,auditlog"
2019-01-21 15:56:07.746495 [ERROR] Invalid request filter directive: <LocationMatch /wp-admin/(admin|admin-ajax|edit|options|options-general|plugin-editor|themes|theme-editor|tools|plugin-install|post|page|widgets|media|edit-tags).php
2019-01-21 15:56:07.757162 [ERROR] Invalid request filter directive: <LocationMatch phpmyadmin
2019-01-21 15:56:07.758772 [ERROR] Invalid request filter directive: <LocationMatch "/index.php
2019-01-21 15:56:07.838504 [ERROR] Invalid request filter directive: <LocationMatch "wp-admin/.*$
2019-01-21 15:56:08.003946 [ERROR] Invalid request filter directive: <LocationMatch /options-general.php

LiteSpeed's ADC does support WAF, and most of the rule sets should work without any problem. However, LocationMatch is not supported by the ADC. The above errors can be safely ignored. That said, as stated earlier, we recommend you avoid using mod_security rules at the ADC level whenever possible.
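
To see exactly which directives the ADC rejected, the "Invalid request filter directive" lines can be grouped by directive name. This is an added example, not LiteSpeed's own tooling: the function names are hypothetical, and the sample input is a subset of the log lines shown above plus one constructed unrelated line.

```python
import re
from collections import Counter

# Matches the ADC error-log lines shown above:
# "<date> <time> [ERROR] Invalid request filter directive: <directive text>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) \[ERROR\] "
    r"Invalid request filter directive: (?P<body>.+)$"
)

def parse_rejected(lines):
    """Return (timestamp, directive_name, arguments) for each rejected directive."""
    rejected = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a rejected-directive line
        name, _, args = m.group("body").partition(" ")
        # Container openers are logged with their leading "<", e.g. "<LocationMatch ..."
        rejected.append((m.group("ts"), name.lstrip("<"), args))
    return rejected

def summarize(lines):
    """Count rejected directives by name, so non-LocationMatch rejections stand out."""
    return Counter(name for _, name, _ in parse_rejected(lines))

# Sample input: log lines copied from this page, plus one constructed unrelated line.
SAMPLE = """\
2019-01-21 15:56:07.542332 [ERROR] Invalid request filter directive: SecComponentSignature "CWAF_Litespeed"
2019-01-21 15:56:07.542355 [ERROR] Invalid request filter directive: SecResponseBodyAccess Off
2019-01-21 15:56:07.542362 [ERROR] Invalid request filter directive: SecDefaultAction "phase:2,deny,status:403,log,auditlog"
2019-01-21 15:56:07.757162 [ERROR] Invalid request filter directive: <LocationMatch phpmyadmin
2019-01-21 15:56:07.758772 [ERROR] Invalid request filter directive: <LocationMatch "/index.php
2019-01-21 15:56:08.003946 [ERROR] Invalid request filter directive: <LocationMatch /options-general.php
2019-01-21 15:56:08.100000 [NOTICE] constructed unrelated line
""".splitlines()

if __name__ == "__main__":
    for name, count in summarize(SAMPLE).most_common():
        print(f"{count:3d}  {name}")
```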

  • Last modified: 2019/01/23 15:29
  • by Lisa Clarke