Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
litespeed_wiki:waf:standalone [2018/10/05 20:02] Jackson Zhang [How to Setup Comodo on Standalone LiteSpeed Web Server] |
litespeed_wiki:waf:standalone [2018/11/08 18:42] Jackson Zhang [The following method won't trigger due to mod_security rule set change] |
||
|---|---|---|---|
| Line 4: | Line 4: | ||
| {{ :litespeed_wiki:waf:lsws-builtin-waf.png?600 |}} | {{ :litespeed_wiki:waf:lsws-builtin-waf.png?600 |}} | ||
| - | There are many rule sets you can choose, such as: OWASP, Comodo, Atomicorp, Unify360 etc. LSWS are compatible with these rule sets and it is up to you to choose one of them. The following will use Comodo rule set as an example to show you how to enable mod_security rule set on LSWS native mode. | + | "Web Application Firewall (WAF)" for LSWS native is for user to choose whether to enable **request content deep inspection**. This feature is equivalent to Apache's mod_security, which can be used to detect and block requests with ill intention by matching them to known signatures. |
| + | There are many rules sets you can choose, such as: **OWASP**, **Comodo**, **Atomicorp**, **Imunify360** etc. LSWS are compatible with these rule sets and it is up to you to choose one of them. You can also come up with your own customised rules if you are familiar with crafting mod_security rule set. | ||
| + | |||
| + | The following wiki will use Comodo rule set as an example to show you how to enable mod_security rule set on LSWS native mode. | ||
| [[https://waf.comodo.com/ | Comodo ]] is a Mod_Security rule set created by the Comodo Team. It provides real time protection for web apps running on the LiteSpeed Web Server. Its functions include: | [[https://waf.comodo.com/ | Comodo ]] is a Mod_Security rule set created by the Comodo Team. It provides real time protection for web apps running on the LiteSpeed Web Server. Its functions include: | ||
| Line 62: | Line 65: | ||
| Click **Save** to enable the firewall, and perform Graceful Restart. | Click **Save** to enable the firewall, and perform Graceful Restart. | ||
| - | ===== Verify Comodo ===== | + | ===== Test mod_security rule set ===== |
| ====Method 1==== | ====Method 1==== | ||
| - To check CWAF for protection, send the request as shown below: <code>http://$server_domain/?a=b AND 1=1</code> The server will respond with a 403 status code \\ {{:litespeed_wiki:waf:comodo-5.png?500|}} | - To check CWAF for protection, send the request as shown below: <code>http://$server_domain/?a=b AND 1=1</code> The server will respond with a 403 status code \\ {{:litespeed_wiki:waf:comodo-5.png?500|}} | ||
| ====Method 2: Command injection attack==== | ====Method 2: Command injection attack==== | ||
| + | |||
| + | |||
| + | ===== Troubleshooting ===== | ||
| + | |||
| + | ==== The following method won't trigger due to mod_security rule set change ===== | ||
| + | |||
| + | The following test method for command inject attack won't work due to the mod_scurity rule set change: | ||
| + | |||
| - Create a delete.php file with following codes \\ <code> | - Create a delete.php file with following codes \\ <code> | ||
| <?php | <?php | ||
| Line 77: | Line 88: | ||
| - Create a dummy file \\ <code>touch bob.txt</code> | - Create a dummy file \\ <code>touch bob.txt</code> | ||
| - Open <code> http://$server_domain/delete.php?filename=bob.txt;id </code> | - Open <code> http://$server_domain/delete.php?filename=bob.txt;id </code> | ||
| - | If WAF works, you will get a 403 forbidden page | + | |
| + | you will not get a 403 forbidden page if you test as above. Please use other methods to test. | ||