LSWS 4.2.3 VS mod_security

[DraCoola]

I've found that :

<LocationMatch .*>
        SecRuleRemoveById xxxxxx
</LocationMatch>

won't work with 4.2.3
please fix this.

 

[NiteWave]

is the LocationMatch in .htaccess ? then it won't work.

per
http://httpd.apache.org/docs/2.2/mod/core.html#locationmatch
Context: server config, virtual host

if it's already in httpd.conf(virtual host level), then it's an issue.

 

[DraCoola]

hi NiteWave, thanks for your response.
LocationMatch are placed on :

/usr/local/apache/conf/userdata/std/2/username/

and

/usr/local/apache/conf/

those works fine on 4.2.2, so I revert back to 4.2.2 to solve this.

 

[NiteWave]

will notify the development.

since it's <LocationMatch .*>, how about just remove it and will it work under 4.2.3 ?

 

[DraCoola]

i am sorry, NiteWave, but that can't be done.
some websites need to exclude some of specific atomic modsec rules to get their site working.
because that was not just .* but either to website path for an example :

<LocationMatch "/adminpanel/sidebar_option.php">
	SecRuleRemoveById 34xxx
	SecRuleRemoveById 34xxx
	SecRuleRemoveById 34xxx
</LocationMatch>

so i'd better waiting for your next 4.2.3 latest build update.

 

[mistwang]

new build of 4.2.3 has been uploaded. Please give it a try.

 

[TheBigK]

new build of 4.2.3 has been uploaded. Please give it a try.

How do I get the new version? No notification in WHM. Getting the same error and it's really frustrating!

 

[webizen]

no notification for new build of the same version. just do force install either from admin console or command line.

 

[Karl]

mod_security in 4.2.3 is completely broken based on our testing. You need to go back to 4.2.1 to get it working correctly.