Search results

This one can be added easily.

Maybe in a month or so.

not yet. we will add it after adding file scan support.

rule 309200 need to be removed, it causes skipping rules below it.

Then what you want you do with those IP? nothing can be done at firewall level. LSWS drop will cause confusion, sending back 403 deny is the same as default action of ModSecurity. It will only make a difference if the IP send to cloudflare and let them to block those IPs.

That rule require "HEAD" method, so, you need to send a HEAD request when you test it.

So, you expect to trigger rule 336468? I will give it a try.

That rule works fine. Have you upgrade to 5.0.3? Maybe I have to check your live site. if you want, you can PM me a temp root access.

What is the test case it failed? a request contain a url not pointing it its own domain. Please give us an example. Is it failed to detect certain attack? or generate false positives?

The way LiteSpeed works now is that it ignore "env=!dontlog" part in customlog, whenever dontlog env is set, acccess logging is turned off for that request. I tested similar configuration, it works fine. Please check the permission along the path to the log file, make sure the file can be...

Thanks for the suggestion. We have experiences with embedding LUA engine with openlitespeed, there should not be any technical difficulty with adding LUA support. Just a matter of priority and time allocation. Yes, it will be added, but I am not sure when, it is not the top priority. We add...

We need to get a copy of the ruleset to give it a try.

Anything in /usr/local/apache/logs/error_log and stderr.log when LSWS failed to start?

If you use mod_security "drop" action when an IP is detected, litespeed should stop serving request from that IP. I will double check the case when the request is forwarded from front-end proxy. LSWS still need to finish reading the request header, change IP to attacker's IP, then block it...

It turns off access for requests from 127.0.0.1, but other requests will be logged.

Have you uncheck "httpd" service in WHM? https://www.litespeedtech.com/support/wiki/doku.php/litespeed_wiki:cpanel:troubleshooting#litespeed_does_not_restart_when_configuration_changes

You just uncheck the "Mail Header" checkbox in the configuration page.

the mail header patch for that version is not available yet.

You need to let LiteSpeed read httpd.conf instead of a virtual host configuration file or a configuration file included by httpd.conf. The "DirectoryIndex .." configuration is not present in the vhost configuration, it must be inherit from Global/Default vhost configuration.

Are you using a control panel? cPanel? plesk? Directadmin? customized? I assume the index.php works for Apache, right? Any customization to .htaccess?