Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
litespeed_wiki:lslb:should_not_enable_mod_security [2019/01/21 21:54] Jackson Zhang [Should I enable mod_security on ADC or on the backend web servers?] |
litespeed_wiki:lslb:should_not_enable_mod_security [2019/01/23 15:29] Lisa Clarke Proofreading |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Should I enable mod_security on ADC or on the backend web servers? ====== | + | ====== Using ModSecurity with LiteSpeed Web ADC ====== |
| + | You want to enable mod_security, but should you do so at the ADC level, or on the backend web servers? | ||
| - | ===== Ahould not enable mod_security on ADC ===== | + | Both LiteSpeed Web Server and LiteSpeed Web ADC support the WAF feature. However, we //do not recommend you enable mod_security rules on the ADC// since it will dramatically slow down the distribution of data. Instead, you should let the backend LiteSpeed Web Servers handle the heavy load incurred by loading, checking, and filtering mod_security rules. |
| - | + | ||
| - | Both LiteSpeed Web server and LiteSpeed ADC support WAF feature. However, we do not recommend you enable mod_security rule on ADC since it will dramatically slow down of distributing data. Instead, you should let backend LiteSpeed web servers to handle such heavy mod_security rules loading/checking/filtering. | + | |
| ===== Troubleshooting ===== | ===== Troubleshooting ===== | ||
| - | + | Let's say you followed [[litespeed_wiki:waf:standalone|our wiki instructions]] to enable Comodo mod_security rules on the ADC, but you are running into the following errors: | |
| - | A user tried to enable comodo mod_security rules set by following [[litespeed_wiki:waf:standalone|LSWS WAF enabling wiki]]. However, it runs into the following errors: | + | |
| 2019-01-21 15:56:07.542332 [ERROR] Invalid request filter directive: SecComponentSignature "CWAF_Litespeed" | 2019-01-21 15:56:07.542332 [ERROR] Invalid request filter directive: SecComponentSignature "CWAF_Litespeed" | ||
| Line 18: | Line 16: | ||
| 2019-01-21 15:56:08.003946 [ERROR] Invalid request filter directive: <LocationMatch /options-general.php | 2019-01-21 15:56:08.003946 [ERROR] Invalid request filter directive: <LocationMatch /options-general.php | ||
| - | LiteSpeed ADC does support WAF feature and most of the rules set should work without any problem. However, ''LocationMatch'' is not supported by ADC. The above error can be safely ignored. By the way, we recommend you should avoid using mod_sec rule at ADC when possible. | + | LiteSpeed's ADC //does// support WAF, and most of the rule sets should work without any problem. However, ''LocationMatch'' is //not// supported by the ADC. The above error can be safely ignored. Though, like we stated earlier, we recommend you avoid using mod_security rules at the ADC level whenever possible. |