Search results

I'm interested in this too. What happens if we switch to the Apache ruleset instead, which seems to be updated?

Done

It is a cPanel server but this happened already when 5.3 was first released, and that was a few weeks ago I think.

I'm keeping my server on 5.2.8 due to a specific problem with one site, on all 5.3.x versions including 5.3.3. The site runs Wordpress and due to legacy files, it has a complex structure, where some WordPress URLs also exist as folders in the directory structure. These folders have the...

I've started to use the Comodo modsecurity rules with great success. They do have a version that is tailored for Litespeed. I've found a minor problem, and it's that Litespeed doesn't support ModSecurity variable expansion in msg field, so when a brute-force rule is triggered in Litespeed, it...

Thanks. Now this is weird: the issue was solved by switching to Apache and then switching back. Does this make any sense?

For some reason, this stopped working on my servers. Any idea how to troubleshoot it?

Thanks! You are absolutely correct, Apache does return a 404 in this case as well. So, nevermind!

I've been having some errors that are related to this: http://www.litespeedtech.com/support/forum/threads/solved-permissions-issues-with-new-accounts.10076/ I had to run touch /var/cpanel/fileprotect on one of my servers, which fixed the permission problem on new accounts. However, this has...

Advice from Cloudlinux support is to set them both at 100, the same as NPROC in Cloudlinux. I've done the change, so far so good. Thanks for the help!

I'm not sure how the soft and hard defaults interact with Cloudlinux. Should they both be set the same?

I have Cloudlinux NPROC at its default of 100. Litespeed Process Soft Limit and Process Hard Limit are set at 200, which is obviously wrong. Not sure if this is Litespeed's default or if it was set by my DC. Should I set both limits at 100 so they are the same as Cloudlinux then?

So - what's the recommended configuration for limits now? Same in Cloudlinux and Litespeed?

Still having a lot of false positives with the Joomla rule, although it's better than nothing. Image gallery modules are a problem because they generate a lot of requests.

You are right! I was on 4.2.12. Just upgraded to 4.2.14 and I can see the rule ID. Fantastic! :D BTW I just subscribed to the announcements forum so I can be notified of new releases :)

Given all the improvements in Litespeed's mod_security compatibility (thank you!) I think it's time to request this fix: For some reason, the CSF firewall and Configserver's Modsecurity Control can't read the rule ID when using Litespeed. Here are some screenshots to make it easier to...

Thanks Michael! :) About the false positives, a possible fix would be for that rule to be executed ONLY in "/administrator/index.php", ignoring any string queries. How can I do that?

The new rule is better but it still creates false positives. The problem is that many legit operations inside Joomla's administrator area cause a lot of requests, and admins get blocked. Any ideas? I don't think this can be solved until Litespeed can scan the response body. It would be great...

Yes, the rule I am using does create false positives. I didn't have any report until today, but I can see it in the logs. I'm going to test your rule. How's it working for you?

I've had success with what appears to be a variant of the one you posted: <LocationMatch "/administrator/index.php"> SecAction phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},initcol:user=%{REMOTE_ADDR},id:00113 SecRule user:bf_block "@gt 0" "deny,status:403,log,id:00114,msg:'IP address blocked...