mod_sec SCRIPT_BASENAME not working?

optize · Mar 8, 2012

I have a simple mod_sec rule to block spam.html:

SecRule SCRIPT_BASENAME "spam\.html" "t:none,deny"

This works fine in Apache, however it doesn't trigger on Litespeed.

Is this a known issue?

webizen · Mar 8, 2012

litespeed skips modsec rules for static file like *.html as it would not cause any real issue. so it is by design not an overlook or bug.

optize · Mar 8, 2012

webizen said:

Is there a way to turn it on? I need mod_sec to work on all file types.

webizen · Mar 9, 2012

use workaround like followings:

mod_sec SCRIPT_BASENAME not working?

optize

Well-Known Member

webizen

Well-Known Member

optize

Well-Known Member

webizen

Well-Known Member