[SOLVED] Modsecurity Testing

Discussion in 'Install/Configuration' started by innovot, Aug 22, 2014.

  1. innovot

    innovot Member

    Hello, we have enabled our ASL rules with LSWS and see them loaded when a graceful restart is performed. But we have tried with the testing URL and nothing happens. How can we debug what is happening please ?
  2. mistwang

    mistwang LiteSpeed Staff

    You can set "SecDebugLogLevel 9" to check what happened.
    When you test it, the test URL should be a dynamic page.
  3. innovot

    innovot Member

    Rules are not being processed even though the configuration files are being read. How do I troubleshoot the LSWS modsec engine ? Thanks.
  4. mistwang

    mistwang LiteSpeed Staff

    How the rules are configured? Native LSWS configuration? Apache httpd.conf?
    how vhosts are configured? Native LSWS configuration? Apache httpd.conf?

    If you want to use the security rule with vhost configured through httpd.conf, you need to configure those rules through httpd.conf.
  5. innovot

    innovot Member

    Hi, Vhosts are configured directly through LSWS but ModSec is being pulled from files as we use AUM to upgrade the ASL subscription signatures; so yes httpd.conf with an Include. Thanks.
  6. mistwang

    mistwang LiteSpeed Staff

    you need to configure vhost through httpd.conf in order to use modsecurity rules configured through httpd.conf.
  7. innovot

    innovot Member

    So you cannot mix ? Where is that documented please as have just converted across to use LSWS with templates. Thanks.

Share This Page