Search results

thank you, webizen :)

And 4.1.1 doesn't have "Server Snapshot" anymore in it's panel Home

I have experienced this php_build error today. So the patch is still doesn't rolled out since 05-20-2011 until now? Thank you for manually patch instruction anyway.

Thank you george for your kind attention. I decide to temporarily backward to v4.1 right now and wait until my mod_sec rule set finished on your investigation. many thanks! :)

this v4.1.1 suddenly triggering modsec rule : SecRule REQUEST_COOKIES:PHPSESSID "!^[0-9a-z]*$" which was not happen while using v4.1 and apache 2.2.17 - 2.2.18

I will try to put "chain" to the rules with "!ARGS" to get an exclusion path. But the newest 4.0.18 sounds very tasty on the change log I hope "Improved mod_security compatibility" on that 4.0.18 were also "SecRuleRemoveById" recognition and "SecDefaultAction deny" included :)

Another update : ************** Include "/usr/local/apache/conf/modsec2.whitelist.conf" is ignored too. The file is used to white list allowed path for an example : ----------------------------------------------------------- <LocationMatch "/cgi-sys/suspendedpage.cgi"> SecRuleRemoveById 123456...

Added "deny" just like rules below but still lsws bypassing the rules :( ------------------------------------------------------------- SecRule REQUEST_URI|REQUEST_FILENAME "[A-Z|a-z|0-9]\.(cgi|pl|plx|ppl|perl)\?" "id:123456,rev:1,severity:2,msg:'PERL-CGI-1',deny" SecRule...

Yes all rules that I've wrote and even from gotroot.com are mostly without "deny" at rule line as you told. I am now add that "deny" action to all rules. But while litespeed included "Deny" as "SecDefaultAction", I believe that would be more nice :) So the issue has SOLVED! George is the master

Any help? George? NiteWave? webizen?

I did put "SecFilterEngine On" on modsec2.conf with litespeed and resulting an error lines, then litespeed wont start. I mean modsec2 just leave the old "SecFilterEngine On" and replace the tag with "SecRuleEngine On" to make it work with any webserver behind it (**) (**) : modsec2 + any...

After two days lsws running fine with those "anti perl" rules, now it showing the "bug" again. It suddenly wont work with the rules after restarting the webserver. Honestly I don't know where to find the error_log for modsec. The conf has said just like this ...

"SecFilterEngine On" was only work with modsec1 / apache 1.x Modsec2 together with apache 2.x using "SecRuleEngine On" If "SecFilterEngine On" put in modsec2 conf will definitely make the webserver refuse to start.

Thank you, George. But after switching from Apache to LiteSpeed twice, then suddenly .pl is forbidden now :confused:

Any help? George? NiteWave? This litespeed bug (?) could be very dangerous. Because modsec2 rules can not prevent cgi and perl scripts accessing the whole system anymore with litespeed. Turkey and Algerie hacker has used cgi-telnet script to do mass deface for thousands of websites in just...

I am using Litespeed Web Server Enterprise v4.0.17 on CENTOS 5.5 x86_64 standard with WHM 11.28.52 + ModSec2x On my other non litespeed server with WHM 11.28.52 + Apache 2.2.17 + ModSec2x, I wrote these ModSec rules and worked ...

Switch to php 5.2.11 and that joomla site back to normal :)

I have did rebuild matching php version to 5.2.12 But http://portal.dehostre.com showing error 503, while switch to apache finally fix that error 503. Should I back to php 5.2.11 for this moment?

Did litespeed adding php 5.2.12 on lsws 4.0.12? Because php 5.2.12 has been added on Cpanel easy apache php list.

Glad to know that :) Thank you for your explanation.