This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
litespeed_wiki:lslb:should_not_enable_mod_security [2019/01/23 15:29]
Lisa Clarke Proofreading
litespeed_wiki:lslb:should_not_enable_mod_security [2020/11/18 15:43] (current)
Lisa Clarke Redirect to new Documentation Site
Line 1: Line 1:
-====== Using ModSecurity with LiteSpeed Web ADC ====== +~~REDIRECT>​https://docs.litespeedtech.com/products/lsadc/troubleshoot/~~
-You want to enable mod_security,​ but should you do so at the ADC level, or on the backend web servers? +
- +
-Both LiteSpeed Web Server and LiteSpeed Web ADC support the WAF feature. However, we //do not recommend you enable mod_security rules on the ADC// since it will dramatically slow down the distribution of data. Instead, you should let the backend LiteSpeed Web Servers handle the heavy load incurred by loading, checking, and filtering mod_security rules. +
- +
-===== Troubleshooting ===== +
-Let's say you followed [[litespeed_wiki:​waf:​standalone|our wiki instructions]] to enable Comodo mod_security rules on the ADC, but you are running into the following errors: +
- +
-  2019-01-21 15:​56:​07.542332 [ERROR] Invalid request filter directive: SecComponentSignature "​CWAF_Litespeed"​ +
-  2019-01-21 15:​56:​07.542355 [ERROR] Invalid request filter directive: SecResponseBodyAccess Off +
-  2019-01-21 15:​56:​07.542362 [ERROR] Invalid request filter directive: SecDefaultAction "​phase:​2,​deny,​status:​403,​log,​auditlog"​ +
-  2019-01-21 15:​56:​07.746495 [ERROR] Invalid request filter directive<​LocationMatch ​/wp-admin/(admin|admin-ajax|edit|options|options-general|plugin-editor|themes|theme-editor|tools|plugin-install|post|page|widgets|media|edit-tags).php +
-  2019-01-21 15:56:07.757162 [ERROR] Invalid request filter directive: <​LocationMatch phpmyadmin +
-  2019-01-21 15:​56:​07.758772 [ERROR] Invalid request filter directive: <​LocationMatch "/index.php +
-  2019-01-21 15:​56:​07.838504 [ERROR] Invalid request filter directive: <​LocationMatch "​wp-admin/.*$ +
-  2019-01-21 15:​56:​08.003946 [ERROR] Invalid request filter directive: <​LocationMatch ​/options-general.php +
-  +
-LiteSpeed'​s ADC //does// support WAF, and most of the rule sets should work without any problem. However, ''​LocationMatch''​ is //not// supported by the ADC. The above error can be safely ignored. ​ Though, like we stated earlier, we recommend you avoid using mod_security rules at the ADC level whenever possible.+
  • Admin
  • Last modified: 2019/01/23 15:29
  • by Lisa Clarke