LSWS 4.2.23 VS mod_security

[DraCoola]

Latest 4.2.23 build won't block with this simple rule :

####
SecRule REQUEST_URI "/any-folder/.+/filename.\php" "id:20202020,rev:1,severity:2,msg:'must be denied',deny" \
####


Please fix it

 

[DraCoola]

Update :

Just did test and found the rule is currently worked.
But LiteSpeed seems cannot understand if I add "redirect:" option :

####
SecRule REQUEST_URI "/any-folder/.+/filename.\php" "id:20202020,rev:1,severity:2,msg:'must be denied',deny,redirect:http://www.litespeedtech.com" \
####


So if "redirect:" added, filename.php will be freely accesed.
Swith to Apache will redirecting to the "redirect:" URL as it should be.

 

[mistwang]

Please force reinstall 4.2.23 see if it is fixed or not.