Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
litespeed_wiki:waf [2018/10/05 20:05] Jackson Zhang [LSWS's Built-in WAF Security Features] |
litespeed_wiki:waf [2020/01/07 17:19] (current) Lisa Clarke [LSWS's Built-in WAF Security Features] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Web Application Firewall/Mod_security ====== | ====== Web Application Firewall/Mod_security ====== | ||
| - | LiteSpeed Web Server offers [[litespeed_wiki:config:mod_security-compatibility|excellent ModSecurity compatibility]], allowing sophisticated rules for filtering out attacking requests by checking for known attack signatures. LSWS has built-in WAF security features to block bad connections. LiteSpeed also works well with popular mod_security rules set such as Owasp, Atomicorp, Comodo and CloudLinux Imunify360. LiteSpeed works well with other firewalls such as ConfigServer Security & Firewall (csf) etc. | + | LiteSpeed Web Server offers [[litespeed_wiki:config:mod_security-compatibility|excellent ModSecurity compatibility]], allowing sophisticated rules for filtering out attacking requests by checking for known attack signatures. LSWS has built-in WAF security features to block bad connections. LiteSpeed also works well with popular mod_security rules set such as **Owasp**, **Atomicorp**, **Comodo** and **CloudLinux Imunify360**. LiteSpeed works well with other firewalls such as ConfigServer Security & Firewall (csf) etc. |
| ===== LSWS's Built-in WAF Security Features ===== | ===== LSWS's Built-in WAF Security Features ===== | ||
| Line 8: | Line 8: | ||
| * [[litespeed_wiki:config:wordpress-protection |How the WordPress Protection built-in to LSWS works]] | * [[litespeed_wiki:config:wordpress-protection |How the WordPress Protection built-in to LSWS works]] | ||
| * [[litespeed_wiki:config:xmlrpc.php_bot_attack_block |How to block bot attack]] | * [[litespeed_wiki:config:xmlrpc.php_bot_attack_block |How to block bot attack]] | ||
| - | | + | * [[litespeed_wiki:config:waf:disable-waf-in-htaccess|How to disable modsecurity for a single domain in .htaccess]] |
| + | * [[litespeed_wiki:config:recaptcha|How to enable reCAPTCHA to protect your server]] | ||
| + | * [[litespeed_wiki:waf:avoid-faked-bots|How to avoid a faked google bot]] | ||
| ===== LSWS and Common WAF Rule Sets ===== | ===== LSWS and Common WAF Rule Sets ===== | ||
| As mentioned previously, LSWS supports most of the ''mod_security'' rules commonly used. Since Apache and LiteSpeed may have different rule sets, please make sure to download the appropriate set for each web server. The following will explain the detailed steps for configuring rule sets for use with LSWS. | As mentioned previously, LSWS supports most of the ''mod_security'' rules commonly used. Since Apache and LiteSpeed may have different rule sets, please make sure to download the appropriate set for each web server. The following will explain the detailed steps for configuring rule sets for use with LSWS. | ||
| Line 20: | Line 22: | ||
| ==== Without a Control Panel ==== | ==== Without a Control Panel ==== | ||
| * [[litespeed_wiki:waf:standalone|How to install and configure Comodo mod_security rules to work with Standalone LiteSpeed Web Server]] | * [[litespeed_wiki:waf:standalone|How to install and configure Comodo mod_security rules to work with Standalone LiteSpeed Web Server]] | ||
| + | * [[litespeed_wiki:waf:lsws-using-apache-conf| How to install/configure mod_security rules to work with LiteSpeed Web Server reading Apache conf but without control panel]] | ||
| * [[https://www.owasp.org/index.php/Main_Page|How to use OWASP mod_security rules with LiteSpeed Web Server]] | * [[https://www.owasp.org/index.php/Main_Page|How to use OWASP mod_security rules with LiteSpeed Web Server]] | ||
| * [[https://wiki.atomicorp.com/wiki/index.php/Litespeed|How to use Atomicorp mod_security rules with LiteSpeed Web Server]] | * [[https://wiki.atomicorp.com/wiki/index.php/Litespeed|How to use Atomicorp mod_security rules with LiteSpeed Web Server]] | ||
| Line 27: | Line 30: | ||
| ===== Troubleshooting ===== | ===== Troubleshooting ===== | ||
| + | [[litespeed_wiki:config:mod_security-compatibility|mod_security Compatibility]]. | ||
| [[litespeed_wiki:config:mod_security_no_log|I can not see LSWS loging any activities but apache logging ok]]. | [[litespeed_wiki:config:mod_security_no_log|I can not see LSWS loging any activities but apache logging ok]]. | ||
| + | |||