Differences

This shows you the differences between two versions of the page.

--- litespeed_wiki:waf:standalone [2017/09/12 18:23]
Lisa Clarke [Add WAF Rule Set]
+++ litespeed_wiki:waf:standalone [2018/10/05 20:02]
Jackson Zhang [How to Setup Comodo on Standalone LiteSpeed Web Server]
@@ Line 1: / Line 1: @@
-====== How to Setup Comodo on Standalone LiteSpeed Web Server======
+====== How to enable mod_security rules on Standalone LiteSpeed Web Server======
+In LSWS Web Admin console, there is "Web Application Firewall (WAF)" under: Server -> Security ->  "Web Application Firewall (WAF). It is a LSWS built-in feature to enable and add mod_scurity rule set on an LSWS native server. For a control panel environment, these steps are unnecessary. Simply enable the mod_security rule set from the control panel, the same way you would enable a rule set for Apache. For more information on that, please see [[litespeed_wiki:waf#with_a_control_panel|this wiki]].
+{{ :litespeed_wiki:waf:lsws-builtin-waf.png?600 |}}
+There are many rule sets you can choose, such as: OWASP, Comodo, Atomicorp, Unify360 etc. LSWS are compatible with these rule sets and it is up to you to choose one of them. The following will use Comodo rule set as an example to show you how to enable mod_security rule set on LSWS native mode.
 [[https://waf.comodo.com/ | Comodo ]] is a Mod_Security rule set created by the Comodo Team. It provides real time protection for web apps running on the LiteSpeed Web Server. Its functions include:
   * Protecting sensitive customer data
@@ Line 40: / Line 47: @@
 =====Enable Firewall=====
-**Configurations >> Server >> Security >> Web Application Firewall (WAF)**
+Navigate to **Configurations >> Server >> Security >> Web Application Firewall (WAF)**
 {{ :litespeed_wiki:waf:waf-enable.png?600 |}}
-  * Enable WAF	: Yes
+  * **Enable WAF**: ''Yes''
-  * Log Level: 0
+  * **Log Level**: ''0''
-  * Default Action: deny,log,status:403
+  * **Default Action**: ''deny,log,status:403''
-  * Scan Request Body: Yes (If set to 'Yes' will scan post request body)
+  * **Scan Request Body**: ''Yes'' (If set to ''Yes'' will scan post request body)
-  * Temporary File Path: /tmp
+  * **Temporary File Path**: ''/tmp''
-  * Disable .htaccess Override: Not Set
+  * **Disable .htaccess Override**: ''Not Set''
-  * Enable Security Audit Log: Not Set
+  * **Enable Security Audit Log**: ''Not Set''
-  * Security Audit Log: $SERVER_ROOT/logs/security_audit.log
+  * **Security Audit Log**: ''$SERVER_ROOT/logs/security_audit.log''
-Click ''Save'' to enable the firewall, and perform Graceful Restart.
+Click **Save** to enable the firewall, and perform Graceful Restart.
 ===== Verify Comodo =====
-  - After setting up Comodo, you may need to restart LiteSpeed Web Server
+====Method 1====
   - To check CWAF for protection, send the request as shown below: <code>http://$server_domain/?a=b AND 1=1</code> The server will respond with a 403 status code \\ {{:litespeed_wiki:waf:comodo-5.png?500|}}
+====Method 2: Command injection attack====
+  - Create a delete.php file with following codes \\ <code>
+<?php
+print("Please specify the name of the file to delete");
+print("<p>");
+$file=$_GET['filename'];
+system("rm $file");
+?>
+</code>
+  - Create a dummy file \\ <code>touch bob.txt</code>
+  - Open <code> http://$server_domain/delete.php?filename=bob.txt;id </code>
+If WAF works, you will get a 403 forbidden page