RFE: Enable RBL support for ModSecurity

[innovot]

We very much wish to see the inclusion of @rbl support for ModSecurity so that we are able to fully leverage the Atomicorp RBL subscription feed we have purchased. We also build our own RBL data source that has been generated from a number of ingress points on our network that we would really like to use as-well.

 

[mistwang]

We will add that after implementing the @inspectFile.
Both operators require interruption of execution flow of ModSecurity rules, which is very hard to implement for a event-driven non-blocking server.

 

[innovot]

How is @inspectFile coming along please ?

 

[mistwang]

We have added @inspectFile and @rbl in our upcoming Load balancer's mod_security implementation.
It will be back port to LSWS enterprise soon, may have it in 5.0.6 release.

 

[innovot]

Thank you for the update mistwang.

 

[innovot]

Hello mistwang, do you think this will be available in 5.0.6 as our LS instance is being hammered with rogue WP admin access, yet when running under Apache the RBL functionality was blocking it all.

 

[mistwang]

We are putting it together.
May have a beta release next week.

 

[wanah]

Hello, this sounds like a huge step forward in litespeed's mod security implementation. I presume it wasn't included in 5.07. Do you have a new ETA ?

 

[mistwang]

5.1RC1 has been released. @rbl and @inspectFile support has been added.
Have been testing @rbl in production for a few days to find forum spam. looks like it is working well.
Due to the big internal changes, we release it as release candidate, user need to be careful with rolling out. It is better to do it in smaller scale or test it in dedicate development environment first.

We will fix any bug promptly with enough debugging information.

 

[innovot]

Appeared to be working okay but then LSWS stopped serving requests. Have downgraded to 5.07 for the time being. How best could we help to debug ?

 

[mistwang]

The best way is to let us login to the server with temp root access to figure out what happened.
If you prefer not to giving temp root access, you can turn on full debug logging, then send us the error log.

 

[mistwang]

5.1RC3 is pretty stable now, you can give it a try if you have not yet.

/usr/local/lsws/admin/misc/lsup.sh -f -v 5.1RC3