1. krrish

    Upgrading ModSecurity from 2.9.6 to Latest Version on OpenLiteSpeed 1.7.19 (Rocky 8 OS)

    Hello OpenLiteSpeed Support, I am currently running OpenLiteSpeed version 1.7.19 on a server with Rocky 8 OS. The server has ModSecurity version 2.9.6 installed. I would like to upgrade ModSecurity to the latest version in order to use the OWASP Core Rule Set (CRS) and take advantage of the...
  2. S

    owasp crs 3.3.4 is not wokring in openlitespeed

    HI, I have updated my owasp core rule set to 3.3.4 but it is not working when I hit<script>alert()</script> it not showing me 403 error msg. here is my audit_log please check and let me know what wrong [21/Mar/2023:15:49:03 +0530] 167934365.747496 271 80...
  3. S

    SecRule not working

    I want to set SecRule on /webmail I am using the below SecRule this is added in the server conf modsecurity on modsecurity_rules ` SecDebugLogLevel 0 SecAuditEngine on SecRuleEngine On SecRule REQUEST_URI "^/webmail" "id:99999,phase:1,deny,status:403" ` modsecurity_rules_file /conf/path but...
  4. S

    can i use litespeed comodo rules in openlitespeed

    I have installed both owasp and comodo rules do both work simultaneously?
  5. B

    OWASP CRS ModSecurity rules not blocking malicious request body in OpenLiteSpeed

    I followed this tutorial: Installing and Configuring the OpenLiteSpeed ModSecurity Module • OpenLiteSpeed to install OWASP CRS. Tested with malicious URL like: - http://localhost:8003/attack.php?q=<script>alert(document.cookie)</script> - http://localhost:8003/attack.php?q=/bin/bash all works...
  6. F

    OLS Modsecurity Problem

    Hello , I using docker container , i read ols modsecurity module and i set my server configiration but Module Parameters added on article code listener and virtual host crashed and not working. when Module Parameters empty not crash virtiualhost and listener i wrote this code module...
  7. J

    Mod_security @inspectFile rule is not working

    Hello, SecRule FILES_TMPNAMES "@inspectFile /usr/local/lsws/" "id:351000,rev:1,severity:2,msg:'Upload Malware Scanner:Malicious File upload attempt detected and blocked',log,deny,auditlog,status:403,t:none" this rule is not working properly. modsecurity on modsecurity_rules `...
  8. L

    OpenLiteSpeed WordPress on GCP and ModSecurity

    Hello everyone, I need advice about OpenLiteSpeed WordPress on GCP f1-micro instance. 1) Enabling ModSecurity will increase server security or not? 2) If it will increase security, is it worth to install vs resources limitations (f1-micro instance)?