Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
litespeed_wiki:lslb:should_not_enable_mod_security [2019/01/22 05:41]
Gary Duan
litespeed_wiki:lslb:should_not_enable_mod_security [2019/01/23 15:29] (current)
Lisa Clarke Proofreading
Line 1: Line 1:
-====== ​Should I enable mod_security ​on ADC or on the backend web servers? ​======+====== ​Using ModSecurity with LiteSpeed Web ADC ====== 
 +You want to enable mod_security, but should you do so at the ADC level, ​or on the backend web servers?
  
-===== Should not enable mod_security on ADC ===== +Both LiteSpeed Web Server ​and LiteSpeed ​Web ADC support ​the WAF feature. However, we //do not recommend you enable mod_security ​rules on the ADC// since it will dramatically slow down the distribution ​of data. Instead, you should let the backend LiteSpeed ​Web Servers ​handle ​the heavy load incurred by loadingchecking, and filtering ​mod_security rules.
- +
-Both LiteSpeed Web server ​and LiteSpeed ADC support WAF feature. However, we do not recommend you enable mod_security ​rule on ADC since it will dramatically slow down of distributing ​data. Instead, you should let backend LiteSpeed ​web servers to handle ​such heavy mod_security rules loading/checking/filtering.+
  
 ===== Troubleshooting ===== ===== Troubleshooting =====
- +Let's say you followed ​[[litespeed_wiki:​waf:​standalone|our wiki instructions]] to enable Comodo mod_security rules on the ADCbut you are running ​into the following errors:
-A user tried to enable comodo mod_security rules set by following ​[[litespeed_wiki:​waf:​standalone|LSWS WAF enabling ​wiki]]. Howeverit runs into the following errors:+
  
   2019-01-21 15:​56:​07.542332 [ERROR] Invalid request filter directive: SecComponentSignature "​CWAF_Litespeed"​   2019-01-21 15:​56:​07.542332 [ERROR] Invalid request filter directive: SecComponentSignature "​CWAF_Litespeed"​
Line 18: Line 16:
   2019-01-21 15:​56:​08.003946 [ERROR] Invalid request filter directive: <​LocationMatch /​options-general.php   2019-01-21 15:​56:​08.003946 [ERROR] Invalid request filter directive: <​LocationMatch /​options-general.php
    
-LiteSpeed ADC does support WAF feature ​and most of the rules set should work without any problem. ​ However, ''​LocationMatch''​ is not supported by ADC. The above error can be safely ignored.  ​By the way, we recommend you should ​avoid using mod_sec rule at ADC when possible.+LiteSpeed'​s ​ADC //does// support WAFand most of the rule sets should work without any problem. However, ''​LocationMatch''​ is //not// supported by the ADC. The above error can be safely ignored.  ​Though, like we stated earlier, we recommend you avoid using mod_security rules at the ADC level whenever ​possible.
  • Admin
  • Last modified: 2019/01/23 15:29
  • by Lisa Clarke