[solved] Bug or Feature: If page is cached ModSecurity can't work

[serpent_driver]

The title of this topic already describes what this issue is about, but will give more details.

I am using LSWS with LScache (non LiteSpeed plugin) and ModSecurity. For ModSecurity I use LiteSpeed Comodo rule set with custom rule set to block bad bots (userdata_bl_agents). It works perfect, but only if a page isn't cached. If it is cached ModSecurity doesn't notice that there is a request that should be blocked.

I am shure you know this restriction if Lscache is used with ModSecurity because it is obviously, but the question is how can it be solved?

 

[mistwang]

that's by design. ModSecurity is expensive, it will defeat the speed of cache, bypassed when possible.
if you have to block by user agent, we recommend using other methods, rewrite rule or setenvif + ACL.
Other choice is to setup cache vary by UA, do not cache for blocked UA.

 

[serpent_driver]

Before I used ModSecurity to block bad bots I had rewrite rules defined, but with rewrite rules and a large number of bots it is also expensive. ModSecurity is much better because with CSF and ModSecurity block rule bots will be blocked by IP, but I understand that ModSecurity defeat the speed of cache. I currently solved it with nocache rewrite rule for bad bots to block bots by ModSecurity.

Is it possible to define bad bots rewrite rule for nocache that works on the entire server? Like a rewrite map?

 

[mistwang]

If Apache config is used to config all vhosts (using a host control panel), you can put rewrite rule in the server level config, it will apply to all vhosts.

 

[serpent_driver]

you can put rewrite rule in the server level config

pre_main_global.conf?

Defined as rewrite map or directly in pre_main_global.conf?

Btw. I have WHM/cPanel

 

[mistwang]

Rewrite map is only a data source, it wont do anything to the request, if you want to use rewrite map for the UA signatures, you can do that.
But, you need a rewrite rule using the rewrite map to make it work.

 

[serpent_driver]

Okay, but if I write it in pre_main_global.conf, syntax for rewrite rule is the same as in .htaccess, correct?

 

[mistwang]

right.

 

[serpent_driver]

Thank you very much!

 

[serpent_driver]

I have added rewrite rules for no-cache bad bots in pre_main_global.conf, but it doesn't work. Requested URLs are cached if a defined bot requests a URL, but I used the same rewrite rules as in .htaccess. To load new configuration I did a graceful restart of LSWS, so what is wrong?

RewriteCond %{HTTP_USER_AGENT} "bot_1|bot_2|bot_3" [NC]
RewriteRule .* - [E=Cache-Control:no-cache]

[UPDATE]

I solved it. pre_main_global.conf seems to be the wrong config file to define cache-control. I used lscache_vhosts.conf in /etc/apache2/conf.d/userdata/ instead and it works in server level.