mod_security ASL issues - 403 error.

[VortMax]

Hello,
We have a new server up and running with Cent OS 5.2 and we are running ASL for security and our server keeps serving up 403 errors (and the end user see's the apache default web page) when people are inputting data on php input fields. Most of the errors show as XSS injection threats (which they are not).

If I disable litespeed and go back to apache the problems stop. I have also disabled several rules from mod_security and it helps sometimes. But we REALLY need to have this security in place on our server.

One another annoying issue is when bringing up hordemail it just gives us a blank page unless of course I turn off litespeed and enable apache.

Has any one figured out a way to deal with these mod_security issues with litespeed?

Litespeed tech was helping me with this problem but I think that there solution was to just disable the offending rules which just concerns me at this time.

Thank you

 

[VortMax]

No one has any ideas on this one? Everyone else using some form of mod_security is NOT having this problem?

 

[mistwang]

Have you tried the latest release? 4.0.3 or 4.0.4 .

 

[VortMax]

Have you tried the latest release? 4.0.3 or 4.0.4 .

Running 4.0.3...I think you guys actually created it while working on this exact problem. 4.0.4 is not showing up as a downloadable version.

 

[mistwang]

Just change the version number in the download link to get it.
If the rewrite rule still bother you, please check the audit log and send us the corresponding security rules, or the whole security rule file.

 

[VortMax]

Since the 4.0.4 update was posted I can confirm that I no longer have issues with horde giving me a blank login screen from Plesk. I am waiting to here from our members if this released corrected the other mod_security issues when using ASL.

Thank you and I will keep you posted.

 

[VortMax]

Unfortunately even with 4.0.4 we are still experiencing quite a few apache default page problems with litespeed activated with ASL.

I was using a forum editor package today and it wouldn't even allow me to save the code to the database. It kept giving me the default apache page once I hit save.

There has got to be something you can do about this. Once again, if I turn off litespeed and go back to apache all of these default page problems disappear. Of course this is really not an option nor is disabling our security software.

Any other ideas from anyone or the staff here would be greatly appreciated.

 

[mistwang]

Can you please provide the log entry that block a valid request in your mod_security audit log file along with your security rules?
You can send those information to bug@litespeed...

 

[VortMax]

Sent that stuff over today.

 

[VortMax]

Can anything be done about this? New versions have done nothing to curb this problem.

mod_security rules continue to cause issues with an apache default page to be displayed.

We have dealt with this for over three months now with no resolution at all. Can you please help us?

 

[Aninnaskiny]

mod_security ASL issues 403 error

I dont think so. When I Identify them, they are numbered 1 to 2 from left to right. Is there some other way to confirm?