Differences
This shows you the differences between two versions of the page.
litespeed_wiki:config:understanding_500 [2019/05/10 19:18] Jackson Zhang |
litespeed_wiki:config:understanding_500 [2019/10/15 13:45] Jackson Zhang |
||
---|---|---|---|
Line 270: | Line 270: | ||
===== OWASP ModSecurity rule set may trigger 500 when using Imunify360 together ===== | ===== OWASP ModSecurity rule set may trigger 500 when using Imunify360 together ===== | ||
OWASP rule set may conflict with Imunify360 default rule set on a server running LiteSpeed Web Server. Please choose only one mod_security rule set. | OWASP rule set may conflict with Imunify360 default rule set on a server running LiteSpeed Web Server. Please choose only one mod_security rule set. | ||
+ | |||
+ | For OWASP rulesets, in crs-setup.conf: | ||
+ | SecAction "id:900990, phase:1, nolog, pass, t:none, setvar:tx.crs_setup_version=302" | ||
+ | | ||
+ | in /etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-901-INITIALIZATION.conf | ||
+ | SecRule &TX:crs_setup_version "@eq 0" "id:901001, phase:1, auditlog, log, deny, status:500, severity:CRITICAL, msg:'ModSecurity Core Rule Set is deployed without configuration! Please copy the crs-setup.conf.example template to crs-setup.conf, and include the crs-setup.conf file in your webserver configuration before including the CRS rules. See the INSTALL file in the CRS directory for detailed instructions.'" | ||
+ | |||
+ | crs-setup.conf has to be loaded first then the rest of rules including REQUEST-901-INITIALIZATION.conf. | ||
+ | |||
+ | Imunify360 could break the loading order of the above rule set and lead to "500" errors. | ||
+ | | ||
+ |
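Review bot: The added text quotes rules 900990 and 901001 but never states how they relate, so the closing sentence about Imunify360 breaking the loading order arrives without the reasoning that ties it to the 500 error. After the REQUEST-901-INITIALIZATION.conf excerpt, say explicitly that 901001 tests `&TX:crs_setup_version "@eq 0"` and denies with `status:500` whenever the `setvar:tx.crs_setup_version=302` in 900990 has not run, which is the case when crs-setup.conf is not loaded before the 901 file. Because 901001 carries `auditlog, log`, the section should also tell readers to look for id 901001 and its "deployed without configuration" message in the ModSecurity log to confirm this is the cause before dropping one of the rule sets. Two smaller points: put both rule excerpts in the wiki's code markup so the quotes and colons survive rendering, and give crs-setup.conf a full path the way the 901 file has one.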