Should I enable mod_security on ADC or on the backend web servers?

Both LiteSpeed Web Server and LiteSpeed ADC support the WAF feature. However, we do not recommend enabling mod_security rules on ADC, since doing so will dramatically slow down data distribution. Instead, let the backend LiteSpeed web servers handle the heavy loading, checking, and filtering of mod_security rules.

A user tried to enable the Comodo mod_security rule set by following the LSWS WAF enabling wiki, but ran into the following errors:

2019-01-21 15:56:07.542332 [ERROR] Invalid request filter directive: SecComponentSignature "CWAF_Litespeed"
2019-01-21 15:56:07.542355 [ERROR] Invalid request filter directive: SecResponseBodyAccess Off
2019-01-21 15:56:07.542362 [ERROR] Invalid request filter directive: SecDefaultAction "phase:2,deny,status:403,log,auditlog"
2019-01-21 15:56:07.746495 [ERROR] Invalid request filter directive: <LocationMatch /wp-admin/(admin|admin-ajax|edit|options|options-general|plugin-editor|themes|theme-editor|tools|plugin-install|post|page|widgets|media|edit-tags).php
2019-01-21 15:56:07.757162 [ERROR] Invalid request filter directive: <LocationMatch phpmyadmin
2019-01-21 15:56:07.758772 [ERROR] Invalid request filter directive: <LocationMatch "/index.php
2019-01-21 15:56:07.838504 [ERROR] Invalid request filter directive: <LocationMatch "wp-admin/.*$
2019-01-21 15:56:08.003946 [ERROR] Invalid request filter directive: <LocationMatch /options-general.php

LiteSpeed ADC does support the WAF feature, and most rule sets should work without any problem. However, LocationMatch is not supported by ADC. The above errors can be safely ignored. We still recommend avoiding mod_security rules on ADC when possible.
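
To see exactly which directives ADC rejected while loading a rule set, the error lines can be grouped by directive name. The script below is an added example, not LiteSpeed code; it assumes the log line format shown above, and the sample input reuses five of those lines plus one constructed unrelated line.

```python
import re
from collections import Counter

# Sample input: five error lines from the log above, plus one constructed
# unrelated line to show that non-matching lines are skipped.
SAMPLE_LOG = """\
2019-01-21 15:56:07.542332 [ERROR] Invalid request filter directive: SecComponentSignature "CWAF_Litespeed"
2019-01-21 15:56:07.542355 [ERROR] Invalid request filter directive: SecResponseBodyAccess Off
2019-01-21 15:56:07.542362 [ERROR] Invalid request filter directive: SecDefaultAction "phase:2,deny,status:403,log,auditlog"
2019-01-21 15:56:07.757162 [ERROR] Invalid request filter directive: <LocationMatch phpmyadmin
2019-01-21 15:56:07.758772 [ERROR] Invalid request filter directive: <LocationMatch "/index.php
2019-01-21 15:56:08.100000 [INFO] constructed unrelated line
"""

# Assumption: every rejected directive is logged in the format seen on this page.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) \[ERROR\] Invalid request filter directive: (?P<body>.+)$"
)


def rejected_directives(log_text):
    """Return a (directive_name, argument) pair for each rejected-directive line."""
    found = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # Container directives are logged with a leading "<", e.g. "<LocationMatch".
        name, _, arg = m.group("body").lstrip("<").partition(" ")
        found.append((name, arg))
    return found


def summarize(log_text):
    """Count rejections per directive and list the rejected LocationMatch patterns."""
    entries = rejected_directives(log_text)
    counts = Counter(name for name, _ in entries)
    scopes = [arg for name, arg in entries if name == "LocationMatch"]
    return counts, scopes


if __name__ == "__main__":
    counts, scopes = summarize(SAMPLE_LOG)
    for name, n in counts.most_common():
        print(f"{n:3d}  {name}")
    print("Rejected LocationMatch patterns:", scopes)
```

The LocationMatch patterns it lists are the URL scopes to confirm are covered by the rule set on the backend web servers.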

  • Last modified: 2019/01/21 21:45
  • by Jackson Zhang