I was investigating using some of the OWASP rules for mod_security but I've found that almost none of them are useable with litespeed.
They appear to almost exclusively use SecRule TX:var style rules to create scores, and allow/deny based on the score. Which litespeed does not appear to support.
eg:
Any plans to begin supporting the features required for at least the base rules of the "ModSecurity Core Rule Set"?
I also found that the following rule (which is part of the core rule set) causes litespeed to crash and auto-restart for every request.
I'm testing on ent4.1.3.
Also, please add some documentation to inform people that the request filter config in litespeed's control panel is for native sites only.
They appear to almost exclusively use SecRule TX:var style rules to create scores, and allow/deny based on the score. Which litespeed does not appear to support.
eg:
Code:
unknown server variable while parsing: TX:REAL_IPI also found that the following rule (which is part of the core rule set) causes litespeed to crash and auto-restart for every request.
Code:
SecRule REQUEST_HEADERS:User-Agent "^(.*)$" "phase:1,id:'981217',t:none,pass,nolog,t:sha1,t:hexEncode,setvar:tx.ua_hash=%{matched_var}"Also, please add some documentation to inform people that the request filter config in litespeed's control panel is for native sites only.