I've started to use the Comodo modsecurity rules with great success. They do have a version that is tailored for Litespeed.
I've found a minor problem, and it's that Litespeed doesn't support ModSecurity variable expansion in msg field, so when a brute-force rule is triggered in Litespeed, it appears like this in the cPanel interface:
230000: COMODO WAF: Brute Force Attack Identified|Source %{tx.real_ip} (%{tx.brute_force_block_counter} hits since last alert)
It would be great if you could add compatibility with this feature on the next release. modsecurity is one of the few areas where Apache compatibility still lags a bit behind.
I've found a minor problem, and it's that Litespeed doesn't support ModSecurity variable expansion in msg field, so when a brute-force rule is triggered in Litespeed, it appears like this in the cPanel interface:
230000: COMODO WAF: Brute Force Attack Identified|Source %{tx.real_ip} (%{tx.brute_force_block_counter} hits since last alert)
It would be great if you could add compatibility with this feature on the next release. modsecurity is one of the few areas where Apache compatibility still lags a bit behind.
