We presently pay for the Atomicorp mod_security annual subscription on a server. We are looking to go the LiteSpeed route but noticed when we test it out it has a tough time with the Atomicorp lists producing forbidden errors all over. As there are quite a lot of rules it is ridiculous to track the problem rules down. Are there any LiteSpeed friendly mod_security lists out there?
Joined: Thu Feb 07, 2008 7:49 pm Posts: 3715 Location: Chantilly, VA
As may already know, Litespeed does not use or support mod_security. It does not include it or use, rather they created their own undocumented WAF module module that supposedly supports mod_security rules, but does not. It supports an undocumented subset of the mod_security rule language, and another subset (also undocumented) of modsecurity features and it also may not even work the same as modsecurity. Did I mention its undocumented?
With that said, understand the rules are not generating errors, litespeed WAF is creating the errors because it doesnt actually support modsecurity. If they documented their engine we could look at what rules might be possible for their webserver, but so far we and others have had no luck getting that information.
Users browsing this forum: No registered users and 1 guest
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot post attachments in this forum