Differences

This shows you the differences between two versions of the page.

--- litespeed_wiki:waf [2018/03/27 20:58]
Jackson Zhang [LSWS with control panel]
+++ litespeed_wiki:waf [2020/01/06 21:10]
Jackson Zhang [LSWS's Built-in WAF Security Features]
@@ Line 1: / Line 1: @@
-====== Web Application Firewall ======
+====== Web Application Firewall/Mod_security ======
+LiteSpeed Web Server offers [[litespeed_wiki:config:mod_security-compatibility|excellent ModSecurity compatibility]], allowing sophisticated rules for filtering out attacking requests by checking for known attack signatures. LSWS has built-in WAF security features to block bad connections. LiteSpeed also works well with popular mod_security rules set such as **Owasp**, **Atomicorp**, **Comodo** and **CloudLinux Imunify360**.  LiteSpeed works well with other firewalls such as ConfigServer Security & Firewall (csf) etc.
-LiteSpeed Web Server offers excellent ModSecurity compatibility, allowing sophisticated rules for filtering out attacking requests by checking for known attack signatures. LSWS has built-in WAF security features to block bad connections. LiteSpeed also works well with popular mod_security rules set such as Owasp, Atomicorp, Comodo and CloudLinux Imunify360.
+===== LSWS's Built-in WAF Security Features =====
-===== LSWS's built-in security features =====
+  * [[litespeed_wiki:config:mitigating-ddos-attacks|Mitigating HTTP-level DDoS Attacks with LSWS's security features]]
-|[[litespeed_wiki:config:mitigating-ddos-attacks|Mitigating HTTP-level DDoS Attacks]]|How to mitigate DDoS attacks with LSWS's security features|
+  * [[https://store.litespeedtech.com/store/knowledgebase.php?action=displayarticle&id=125|Advanced Anti-DDos Setup Service: LiteSpeed can set it up for you. Learn how it works and what it entails.]]
-|[[https://store.litespeedtech.com/store/knowledgebase.php?action=displayarticle&id=125|Understanding LiteSpeed Advanced Anti-DDos Setup Service]]|Fine tune anti-DDoS configurations and set up a script using iptables to automatically block attacking IPs detected by web server.|
+  * [[litespeed_wiki:waf:standalone|What is LSWS Web Application Firewall (WAF) Feature and How to enable it?]]
+  * [[litespeed_wiki:config:wordpress-protection |How the WordPress Protection built-in to LSWS works]]
+  * [[litespeed_wiki:config:xmlrpc.php_bot_attack_block |How to block bot attack]]
+  * [[litespeed_wiki:config:waf:disable-waf-in-htaccess|How to disable modsecurity for a single domain in .htaccess?]]
+  * [[litespeed_wiki:config:recaptcha|How to enable reCAPTCHA to protect your server?]]
+  * [[litespeed_wiki:waf:avoid-faked-bots|How to avoid faked google bot?]]
+===== LSWS and Common WAF Rule Sets =====
+As mentioned previously, LSWS supports most of the ''mod_security'' rules commonly used. Since Apache and LiteSpeed may have different rule sets, please make sure to download the appropriate set for each web server. The following will explain the detailed steps for configuring rule sets for use with LSWS.
-===== LSWS works well with common WAF Mod_security rule sets=====
+==== With a Control Panel ====
+=== cPanel ===
+  * [[litespeed_wiki:waf:comodo|How to install and configure Comodo mod_security rules to work with LiteSpeed on cPanel]]
+  * [[https://documentation.cpanel.net/display/70Docs/ModSecurity+Vendors|How to use cPanel's ModSecurity Vendors feature with LSWS]]
+  * [[https://docs.imunify360.com/index.html?hosting_panels_specific_settin.htm|Imunify360:  Hosting Control Panels Specific Settings]]
+==== Without a Control Panel ====
+  * [[litespeed_wiki:waf:standalone|How to install and configure Comodo mod_security rules to work with Standalone LiteSpeed Web Server]]
+  * [[litespeed_wiki:waf:lsws-using-apache-conf| How to install/configure mod_security rules to work with LiteSpeed Web Server reading Apache conf but without control panel]]
+  * [[https://www.owasp.org/index.php/Main_Page|How to use OWASP mod_security rules with LiteSpeed Web Server]]
+  * [[https://wiki.atomicorp.com/wiki/index.php/Litespeed|How to use Atomicorp mod_security rules with LiteSpeed Web Server]]
-LSWS support most of the mod_security rules commonly used, such as Owasp, Atomicorp, Comodo and CloudLinux Imunify360. Since Apache and LiteSpeed may have different rules set, please make sure to download the right rules set with the right web server. The following will explain the detailed steps on how to configure rules set to use with LSWS.
+===== FAQ =====
+Please see these [[litespeed_wiki:config:mod_security_faq|Frequently Asked Questions about Mod Security on LSWS]].
+===== Troubleshooting =====
+[[litespeed_wiki:config:mod_security-compatibility|mod_security Compatibility]].
-==== LSWS with control panel ====
+[[litespeed_wiki:config:mod_security_no_log|I can not see LSWS loging any activities but apache logging ok]].
-=== LSWS with cpanel ===
-|[[litespeed_wiki:waf:comodo| Install and configure Comodo WAF to use with LiteSpeed on a cPanel server]]|How to install and configure Comodo mod_security rules to work with LiteSpeed on cPanel|
-|[[https://documentation.cpanel.net/display/70Docs/ModSecurity+Vendors| cPanel ModSecurity Vendors feature]]| Use cPanel ModSecurity Vendors feature with LSWS|
-==== LSWS without control panel ====
-|[[litespeed_wiki:waf:standalone| Install and configure Comodo WAF to use with Standalone LiteSpeed Web Server]]|How to install and configure Comodo mod_security rules to work with Standalone LiteSpeed Web Server|
-|[[https://www.owasp.org/index.php/Main_Page| Use OWASP mod security rule set with LSWS]]|How to use OWASP mod_security rules with LiteSpeed Web Server|
-|[[https://wiki.atomicorp.com/wiki/index.php/Litespeed| Use Atomicorp WAF with LSWS]]|How to use Atomicorp mod_security rules with LiteSpeed Web Server|
-===== Mod Security compatibility =====
-|[[litespeed_wiki:config:mod_security-compatibility| LSWS compatible with most common mod_security rules]]|Mod Security compatibility|