Litespeed and Modsecurity

[sahostking]

Hi fellas,

Ive recently installed litespeed and enabled modsecurity. I'm currently testing with the delayed atomic rules which is free but I seem to get the error when using them:

mod_security: Access denied with code 406, [Rule: '' ''] [severity "WARNING"] [MatchedString ""]

All websites go down.

If I remove it then all works again. If I change from litespeed to apache and try it again with the rules all works fine.

Very strange. any ideas?

 

[handsonhosting]

If you review the LiteSpeed forums you'll find that there's actually quite a bit of talk about the lack of support for mod_security in their software. LiteSpeed created their own module which is supposed to support the mod_security rules.

If you want 100% compatibility with mod_security, you will want to stay with Apache.

 

[easyhostmedia]

we have litespeed and mod_security working together without any issues

 

[handsonhosting]

we have litespeed and mod_security working together without any issues

Maybe it's only portions of mod_security that cause issues?

 

[spenchev]

Hello,

You can check the error log. It will give you more information if any mod_security rule is cause this problem. After that you can easily disable it.

 

[euro-space]

Just additional (hopefully useful) info - Configserver has great tool to enable/disable particular rule(s) for any account or list of accounts with the easiest way by using their Configserver Modsecurity Control plugin, freely available here - http://configserver.com/cp/cmc.html

It makes everything easy
Cheers!