Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
litespeed_wiki:lslb:should_not_enable_mod_security [2019/01/21 21:54] Jackson Zhang [Should I enable mod_security on ADC or on the backend web servers?] |
litespeed_wiki:lslb:should_not_enable_mod_security [2020/11/18 15:43] (current) Lisa Clarke Redirect to new Documentation Site |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Should I enable mod_security on ADC or on the backend web servers? ====== | + | ~~REDIRECT>https://docs.litespeedtech.com/products/lsadc/troubleshoot/~~ |
| - | + | ||
| - | ===== Ahould not enable mod_security on ADC ===== | + | |
| - | + | ||
| - | Both LiteSpeed Web server and LiteSpeed ADC support WAF feature. However, we do not recommend you enable mod_security rule on ADC since it will dramatically slow down of distributing data. Instead, you should let backend LiteSpeed web servers to handle such heavy mod_security rules loading/checking/filtering. | + | |
| - | + | ||
| - | ===== Troubleshooting ===== | + | |
| - | + | ||
| - | A user tried to enable comodo mod_security rules set by following [[litespeed_wiki:waf:standalone|LSWS WAF enabling wiki]]. However, it runs into the following errors: | + | |
| - | + | ||
| - | 2019-01-21 15:56:07.542332 [ERROR] Invalid request filter directive: SecComponentSignature "CWAF_Litespeed" | + | |
| - | 2019-01-21 15:56:07.542355 [ERROR] Invalid request filter directive: SecResponseBodyAccess Off | + | |
| - | 2019-01-21 15:56:07.542362 [ERROR] Invalid request filter directive: SecDefaultAction "phase:2,deny,status:403,log,auditlog" | + | |
| - | 2019-01-21 15:56:07.746495 [ERROR] Invalid request filter directive: <LocationMatch /wp-admin/(admin|admin-ajax|edit|options|options-general|plugin-editor|themes|theme-editor|tools|plugin-install|post|page|widgets|media|edit-tags).php | + | |
| - | 2019-01-21 15:56:07.757162 [ERROR] Invalid request filter directive: <LocationMatch phpmyadmin | + | |
| - | 2019-01-21 15:56:07.758772 [ERROR] Invalid request filter directive: <LocationMatch "/index.php | + | |
| - | 2019-01-21 15:56:07.838504 [ERROR] Invalid request filter directive: <LocationMatch "wp-admin/.*$ | + | |
| - | 2019-01-21 15:56:08.003946 [ERROR] Invalid request filter directive: <LocationMatch /options-general.php | + | |
| - | + | ||
| - | LiteSpeed ADC does support WAF feature and most of the rules set should work without any problem. However, ''LocationMatch'' is not supported by ADC. The above error can be safely ignored. By the way, we recommend you should avoid using mod_sec rule at ADC when possible. | + | |