Differences

This shows you the differences between two versions of the page.

--- litespeed_wiki:waf:standalone [2017/09/12 18:25]
Lisa Clarke [Enable Firewall]
+++ litespeed_wiki:waf:standalone [2018/10/05 15:50]
Jackson Zhang [How to Setup Comodo on Standalone LiteSpeed Web Server]
@@ Line 6: / Line 6: @@
   * Preventing SQL injection and Cross Site Scripting (XSS) attacks
+The following wiki will show your steps on how to enable mod_security rule set on LSWS native server. For control panel environment, you don't need settings described from here and you can simply enable mod_security rule set from the control panel, the same way as enabling rule set for Apache, please check [[litespeed_wiki:waf#with_a_control_panel|here]].
 ===== Download and Extract Rules =====
@@ Line 56: / Line 57: @@
 ===== Verify Comodo =====
-  - After setting up Comodo, you may need to restart LiteSpeed Web Server
+====Method 1====
   - To check CWAF for protection, send the request as shown below: <code>http://$server_domain/?a=b AND 1=1</code> The server will respond with a 403 status code \\ {{:litespeed_wiki:waf:comodo-5.png?500|}}
+====Method 2: Command injection attack====
+  - Create a delete.php file with following codes \\ <code>
+<?php
+print("Please specify the name of the file to delete");
+print("<p>");
+$file=$_GET['filename'];
+system("rm $file");
+?>
+</code>
+  - Create a dummy file \\ <code>touch bob.txt</code>
+  - Open <code> http://$server_domain/delete.php?filename=bob.txt;id </code>
+If WAF works, you will get a 403 forbidden page