Greetings all!
We recently switched from Apache to LSWS on one our cPanel servers and we are having a problem with a rule for mod_rewrite/mod_security that is not being used properly after the switch.
The mod_rewrite rule is designed to block bad user-agents from accessing one part of the site and as noted, it worked prior to the switch to LSWS. The .htaccess file is located in /home/userdir/public_html/repo/.htaccess. The Mod_rewrite rule we were using is below:
<IfModule mod_rewrite.c>
RewriteEngine on
#RewriteBase /
#Block access based upon User-Agent name
SetEnvIfNoCase User-Agent "^InstallerApp(.*)" blocked_apps=1
Order Allow,Deny
Allow from all
Deny from env=blocked_apps
</IfModule>
As noted, this was not working after we upgraded to LiteSpeed but the other rules in this .htaccess file still work fine.
Since this didn't work, we put the above rewrite rule directly into httpd.conf and that too failed to work.
The next approach was to block the useragent with Mod_security in the .htaccess file with the below rule:
<IfModule mod_security2.c>
# Basic configuration options
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess Off
SecUploadKeepFiles Off
# Debug log
#SecDebugLog /var/log/apache2/modsec_debug.log
#SecDebugLogLevel 0
SecRule REQUEST_HEADERS:User-Agent "InstallerApp(.*)" "log,drop"
</IfModule>
We have also tried using the full user-agent which is shown as "InstallerApp/1.0.1 (Mac/2.2, like CFNetwork/220.0)"
Any help on getting this to work properly would be greatly appreciated. Thank in advance for reading all of this!
We recently switched from Apache to LSWS on one our cPanel servers and we are having a problem with a rule for mod_rewrite/mod_security that is not being used properly after the switch.
The mod_rewrite rule is designed to block bad user-agents from accessing one part of the site and as noted, it worked prior to the switch to LSWS. The .htaccess file is located in /home/userdir/public_html/repo/.htaccess. The Mod_rewrite rule we were using is below:
<IfModule mod_rewrite.c>
RewriteEngine on
#RewriteBase /
#Block access based upon User-Agent name
SetEnvIfNoCase User-Agent "^InstallerApp(.*)" blocked_apps=1
Order Allow,Deny
Allow from all
Deny from env=blocked_apps
</IfModule>
As noted, this was not working after we upgraded to LiteSpeed but the other rules in this .htaccess file still work fine.
Since this didn't work, we put the above rewrite rule directly into httpd.conf and that too failed to work.
The next approach was to block the useragent with Mod_security in the .htaccess file with the below rule:
<IfModule mod_security2.c>
# Basic configuration options
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess Off
SecUploadKeepFiles Off
# Debug log
#SecDebugLog /var/log/apache2/modsec_debug.log
#SecDebugLogLevel 0
SecRule REQUEST_HEADERS:User-Agent "InstallerApp(.*)" "log,drop"
</IfModule>
We have also tried using the full user-agent which is shown as "InstallerApp/1.0.1 (Mac/2.2, like CFNetwork/220.0)"
Any help on getting this to work properly would be greatly appreciated. Thank in advance for reading all of this!