mod_security tips and tricks
Mod_security engine is built-into LiteSpeed lshttpd binary, which is already an optimized implementation. No further compiling or installation required.
Mod_security engine follows Apache's SecAuditLog. Please also make sure the file is writable by “nobody” user.
Even though we try hard to be compatible with most popular mod_security rules, at the moment, customers still experience some incompatibility issues from time to time. Here we have addressed the issues. However, to help workaround them, we create this list of tips and tricks. Hopefully, their lives become easier before the issues get resolved permanently.
- @inspectFile (http://www.litespeedtech.com/support/forum/showpost.php?p=46121&postcount=3 by ElliotP)
@inspectFile support added as of LSWS 5.1.
Some alternatives:
With CXS (http://configserver.com/cp/cxs.html) if you use the CXS Watch feature, it will listen for new and modified files and scan them anyway, so you get the same result, without needing @inspectFile
There is another free alternative, through PHP suhosin upload.verification_script https://suhosin.org/stories/configuration.html#suhosin-upload-verification-script