mod_security REQUEST_HEADERS:Referer anomaly/bug

DraCoola

Well-Known Member
#1
Dear LiteSpeed,

I'm using LSWS 5.4.10 (build 4) on Cpanel.
I found if using :
Code:
SecRule REQUEST_HEADERS:Referer|ARGS "spam-domains\.com"
Will work.

But if using @pmFromFile operator :
Code:
SecRule REQUEST_HEADERS:Referer|ARGS "@pmFromFile spam-domains.txt"
Will not work.

So REQUEST_HEADERS:Referer cannot work if using together with @pmFromFile operator.
But at the same time, using REQUEST_HEADERS:User-Agent works normally together with @pmFromFile operator.

I hope there will be a fix release for this issue.

Thanks!
 

mistwang

LiteSpeed Staff
#2
We need the content of `spam-domains.txt` and the value of `REQUEST_HEADERS:Referer` in the test case,
so, we can try to reproduce the bug.
 

DraCoola

Well-Known Member
#3
Hi George,

The content of 'spam-domains.txt' is any of TLD/SLD domain.
For an example : store\.litespeedtech\.com
So any access to litespeedtech.com which was refered from store.litespeedtech.com will trigger mod_security to deny.

The value or rule is as usual :
Code:
SecRule REQUEST_HEADERS:Referer|ARGS "@pmFromFile spam-domains.txt" "log,id:12345,rev:1,severity:2,deny,msg:'Referer Test'"
Thanks!
 
Last edited:
Top