Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
litespeed_wiki:config:mod_security-compatibility [2015/07/29 16:03]
Michael Alegre created
litespeed_wiki:config:mod_security-compatibility [2017/07/25 13:32] (current)
Eric Leu [Supported Features List (Not Comprehensive)]
Line 1: Line 1:
-====== mod_security ​compatibility ​====== +====== mod_security ​Compatibility ​======
-lsws try to be compatible with latest mod_security 2.5(and above) + latest gotroot rules. lsws support most of them, and don't want to miss any really important features/​rules in real world and keeps updating based on our users' feedback. However since the complexity and the always updating security rules, it's not possible to be 100% compatible with apache in any time. This wiki will address the most current compatibility status. +
-=== Not Yet Support Features === +
-  * scan response header/​body.(Note:​ request header/body are supported) +
-  * scan attached files content in multi-part upload +
-  * PDF functions +
-  * lua +
-  * parsing XML +
-=== Reasons/​Concerns not support them === +
-  * the feature is less used +
-  * the feature may slow down litespeed considerably due to the single-thread event driven architecture +
-  * the rules for static files are skipped as it would unlikely cause any real security issue.+
  
-=== Tips and Tricks ​=== +We try to keep LSWS compatible with the latest mod_security 2.5(and above) and gotroot rules. LSWS supports most of these rules and attempts not to miss any really important features/​rules used in the real world. We also keep updating support based on our user feedback.  
-  * [[http://www.litespeedtech.com/support/​wiki/​doku.php?​id=litespeed_wiki:​mod_security_tips_tricks]]+ 
 +However, because of the complexity and always updating nature of these security rules, it is not possible to be 100% compatible with Apache at any one time. This wiki will address the most current compatibility status. 
 + 
 +===== Supported Features List (Not Comprehensive)===== 
 +  * **@rbl** - real time block list. (since 5.1) 
 +  * **@fileinspect** - scan attached files. (since 5.1) 
 +  * Scan request header/body. 
 +  * Scan response header. 
 +  * Audit logging 
 +    * LSWS currently only supports the serial mode for audit logging. Since LiteSpeed is event driven, not like Apache that can have multiple processes and could change UID. 
 + 
 +===== Not Yet Support Features ===== 
 +  * Scan response body. 
 +  * PDF functions. 
 +  * lua. 
 +  * Parsing XML. 
 + 
 +===== Not Yet Support syntax ===== 
 +  * SecRemoteRules 
 +===== Reasons/Concerns not support ​them ===== 
 +  * The feature is not often used. 
 +  * The feature may slow down LiteSpeed considerably due to our single-thread event driven architecture. 
 +  * Requests to static files bypass mod_security scanning as they are unlikely to cause any real security issues.
  • Admin
  • Last modified: 2015/07/29 16:03
  • by Michael Alegre