Mod Sec rules
136 views
Skip to first unread message
Steve Skinner
Jun 24, 2018, 9:46:24 AM6/24/18
to OpenLiteSpeed Development
Hi,
Does anyone know where i can get modsecurity rules for open litespeed?
the install for mod sec doesnt give any or any idea where to get them
Thanks
Steve
Does anyone know where i can get modsecurity rules for open litespeed?
the install for mod sec doesnt give any or any idea where to get them
Thanks
Steve
Steve Skinner
Jun 28, 2018, 2:59:03 PM6/28/18
to OpenLiteSpeed Development
Well donwloaded comodo rules for litespeed but doesnt work on open litespeed keep getting errors like below
[Module:Mod_Security]setSecRule(type 2) /usr/local/lsws/conf/rules/rules.conf.main failed, ret -1, reason: 'Rules error. File: /usr/local/lsws/conf/rules/02_Global_Generic.conf. Line: 15. Column: 345. Expecting an action, got: "id:211120,chain,msg:'COMODO WAF: Remote File Inclusion Attack||%{tx.domain}|%{tx.mode}|2',phase:2,capture,block,logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,t:lowercase,t:urlDecodeUni,rev:10,severity:2,tag:'CWAF',tag:'Generic'" '.
or
[Module:Mod_Security]setSecRule(type 2) /usr/local/lsws/conf/rules/rules.conf.main failed, ret -1, reason: 'Rules error. File: /usr/local/lsws/conf/rules/04_Global_Domains.conf. Line: 29. Column: 303. SecDefaultActions can only be placed once per phase and configuration context. Phase 2 was informed already. '.
in httpd.config.conf file
module mod_security {
modsecurity on
modsecurity_rules_file /usr/local/lsws/conf/rules/rules.conf.main
modsecurity_rules_remote key uri
}
So it looks like open litespeed isnt covered by mod sec :( so next question is, is open litespeed secure to use?
Steve
David
Jun 29, 2018, 8:59:57 AM6/29/18
to openlitespee...@googlegroups.com
Hi Steve,
I am not sure why this error happened, and you may contact the modsecurity team(https://www.modsecurity.org/
) who provide the library, because for module mod_security, it just passes the correct file path to the library and the library will handle it and write the error messages.
The reasons I guess is maybe the rules file is not for this version modsecurity, and openlitespeed always use the latest version of modsecurity library.
For you conf file, you needn't to have "modsecurity_rules_remote key uri" in it, since you are using local file and you do not use a remote file. But it won't cause problem.
Thanks.
David
I am not sure why this error happened, and you may contact the modsecurity team(https://www.modsecurity.org/
) who provide the library, because for module mod_security, it just passes the correct file path to the library and the library will handle it and write the error messages.
The reasons I guess is maybe the rules file is not for this version modsecurity, and openlitespeed always use the latest version of modsecurity library.
For you conf file, you needn't to have "modsecurity_rules_remote key uri" in it, since you are using local file and you do not use a remote file. But it won't cause problem.
Thanks.
David
--
You received this message because you are subscribed to the Google Groups "OpenLiteSpeed Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openlitespeed-deve...@googlegroups.com.
To post to this group, send email to openlitespee...@googlegroups.com.
Visit this group at https://groups.google.com/group/openlitespeed-development.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages