Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | |||
litespeed_wiki:lslb:should_not_enable_mod_security [2019/01/23 15:29] Lisa Clarke Proofreading |
litespeed_wiki:lslb:should_not_enable_mod_security [2020/11/18 15:43] (current) Lisa Clarke Redirect to new Documentation Site |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Using ModSecurity with LiteSpeed Web ADC ====== | + | ~~REDIRECT>https://docs.litespeedtech.com/products/lsadc/troubleshoot/~~ |
- | You want to enable mod_security, but should you do so at the ADC level, or on the backend web servers? | + | |
- | + | ||
- | Both LiteSpeed Web Server and LiteSpeed Web ADC support the WAF feature. However, we //do not recommend you enable mod_security rules on the ADC// since it will dramatically slow down the distribution of data. Instead, you should let the backend LiteSpeed Web Servers handle the heavy load incurred by loading, checking, and filtering mod_security rules. | + | |
- | + | ||
- | ===== Troubleshooting ===== | + | |
- | Let's say you followed [[litespeed_wiki:waf:standalone|our wiki instructions]] to enable Comodo mod_security rules on the ADC, but you are running into the following errors: | + | |
- | + | ||
- | 2019-01-21 15:56:07.542332 [ERROR] Invalid request filter directive: SecComponentSignature "CWAF_Litespeed" | + | |
- | 2019-01-21 15:56:07.542355 [ERROR] Invalid request filter directive: SecResponseBodyAccess Off | + | |
- | 2019-01-21 15:56:07.542362 [ERROR] Invalid request filter directive: SecDefaultAction "phase:2,deny,status:403,log,auditlog" | + | |
- | 2019-01-21 15:56:07.746495 [ERROR] Invalid request filter directive: <LocationMatch /wp-admin/(admin|admin-ajax|edit|options|options-general|plugin-editor|themes|theme-editor|tools|plugin-install|post|page|widgets|media|edit-tags).php | + | |
- | 2019-01-21 15:56:07.757162 [ERROR] Invalid request filter directive: <LocationMatch phpmyadmin | + | |
- | 2019-01-21 15:56:07.758772 [ERROR] Invalid request filter directive: <LocationMatch "/index.php | + | |
- | 2019-01-21 15:56:07.838504 [ERROR] Invalid request filter directive: <LocationMatch "wp-admin/.*$ | + | |
- | 2019-01-21 15:56:08.003946 [ERROR] Invalid request filter directive: <LocationMatch /options-general.php | + | |
- | + | ||
- | LiteSpeed's ADC //does// support WAF, and most of the rule sets should work without any problem. However, ''LocationMatch'' is //not// supported by the ADC. The above error can be safely ignored. Though, like we stated earlier, we recommend you avoid using mod_security rules at the ADC level whenever possible. | + |