Modsecurity LocationMatch

[DoM]

Hi,
we are using modsecurity with cPanel.

If we use apache + mod_security, those directives works:

<LocationMatch .*>

# BUGID - 2007411
SecRuleRemoveById 950005
SecRuleRemoveById 950907
SecRuleRemoveById 950908
SecRuleRemoveById 340026
</LocationMatch>

If we use litespeed + mod_security it looklikes that LocationMatch directive OR SecRuleRemoveById does not works and rule looklikes applied ALSO if we declare that must not:

[Wed Oct 27 15:48:21 2010] [error] [client x.x.x.x] ModSecurity: Access denied with code 403, [Rule: 'ARGS|!ARGS:action|!ARGS:image|!ARGS:t|!ARGS:redirect_to|!ARGS:dir|!ARGS:vthumb|!ARGSic|!ARGS:/url/|!ARGSath|!ARGS:clickTAG|!ARGS:/url/|!ARGS:base_url|!ARGSutbound|!ARGSut|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:team[logo]|!ARGS:team[url
]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:ureferrer|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:redirect|!ARGSroduct[media_gallery][images]|!ARGS:loc|!ARGS:backurl|!ARGS:r_uri|!ARGSaparams|!ARGS:bg_image|!ARGS:imageFile|!ARGS:ret|!ARGS:ref|!ARGS:img|!ARGS:site|!ARGS:goto|!ARGS:from|!ARGS:cmstr|!ARGS:/^wimpy/|!ARGS:body|!ARGS:subdir[0]' '(?:
ogg|gopher|zlib|(?:ht|f)tps?)\:/']
[ID: 340026]


Waiting for your reply

Regards

 

[mistwang]

We are working on "SecRuleRemoveById" support in 4.1RC releases. will be supported.

 

[DoM]

Nice.

Just to understand litespeed web server functions i have two more questions:

1) It's better to enable mod_security rules from request filter of litespeed configuration or from classic mod_Security config file with apache?

2) There is somewhere a manual for litespeedtech ?


Waiting for your reply

Best regards

 

[DoM]

About 2) found documentation