Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
litespeed_wiki:mod_security_tips_tricks [2015/02/02 16:15] Jackson Zhang |
litespeed_wiki:mod_security_tips_tricks [2015/07/29 16:09] Michael Alegre removed |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== mod_security tips and tricks ====== | ====== mod_security tips and tricks ====== | ||
Mod_security engine is built-into LiteSpeed lshttpd binary, which is already an optimized implementation. No further compiling or installation required. | Mod_security engine is built-into LiteSpeed lshttpd binary, which is already an optimized implementation. No further compiling or installation required. | ||
+ | |||
+ | Mod_security engine follows Apache's SecAuditLog. Please also make sure the file is writable by "nobody" user. | ||
Even though we try hard to be compatible with most popular mod_security rules, at the moment, customers still experience some incompatibility issues from time to time. [[http://www.litespeedtech.com/support/wiki/doku.php?id=litespeed_wiki:mod_security_compatibility|Here]] we have addressed the issues. However, to help workaround them, we create this list of tips and tricks. Hopefully, their lives become easier before the issues get resolved permanently. | Even though we try hard to be compatible with most popular mod_security rules, at the moment, customers still experience some incompatibility issues from time to time. [[http://www.litespeedtech.com/support/wiki/doku.php?id=litespeed_wiki:mod_security_compatibility|Here]] we have addressed the issues. However, to help workaround them, we create this list of tips and tricks. Hopefully, their lives become easier before the issues get resolved permanently. | ||
Line 7: | Line 9: | ||
* @inspectFile (http://www.litespeedtech.com/support/forum/showpost.php?p=46121&postcount=3 by ElliotP) | * @inspectFile (http://www.litespeedtech.com/support/forum/showpost.php?p=46121&postcount=3 by ElliotP) | ||
<file> | <file> | ||
- | With CSX (http://configserver.com/cp/cxs.html) if you use the CXS Watch feature, | + | With CXS (http://configserver.com/cp/cxs.html) if you use the CXS Watch feature, |
it will listen for new and modified files and scan them anyway, so you get the | it will listen for new and modified files and scan them anyway, so you get the | ||
same result, without needing @inspectFile | same result, without needing @inspectFile | ||
</file> | </file> | ||
+ | |||
+ | <file> | ||
+ | There is another free alternative, through PHP suhosin upload.verification_script | ||
+ | https://suhosin.org/stories/configuration.html#suhosin-upload-verification-script | ||
+ | |||
+ | </file> | ||
+ | |||
+ | For the @inspectFile support, we do have a plan to implement it in 5.x release. |