I have a server running OpenLitespeed 1.7.17. This server has mod_security running.
Among the modsec rules is a rule that blocks a list of user-agents. When certain user-agents are detected, the server returns code 406.
I have noticed that for WordPress sites using LiteSpeed cache plugin, requests from the user agent are served even though modsec should block that user agent.
Here is a curl header response from a site not using LiteSpeed cache. As you can see, the user agent is detected by modsec and code 406 is returned:
$ curl --user-agent 'vikspider' -I https://vu31.printscience.net
HTTP/2 406
date: Tue, 08 Aug 2023 14:39:30 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Here is the same curl header for a site with LiteSpeed cache plugin active. In this case, modsec does not detect the user agent and return code 406. Instead, code 200 is returned:
$ curl --user-agent 'vikspider' -I https://barnardandwestwood.com
HTTP/2 200
x-powered-by: PHP/7.4.33
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
link: <https://barnardandwestwood.com/wp-json/>; rel="https://api.w.org/"
link: <https://barnardandwestwood.com/wp-json/wp/v2/pages/1339>; rel="alternate"; type="application/json"
vary: Accept-Encoding
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-litespeed-cache: hit
date: Tue, 08 Aug 2023 14:38:59 GMT
I want the modsec rule to apply regardless of whether the LiteSpeed cache plugin is used or not. How can I achieve this?
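A check for the behaviour described in the post, as an added example that is not part of the original post: it classifies `curl -I` output as blocked by the rule, served from the LiteSpeed cache without being blocked, or served without a cache hit. The function names, verdict strings and abridged sample responses are assumptions made for this example; the 406 status and the `x-litespeed-cache: hit` header come from the post.

```shell
#!/bin/sh
# Classify `curl -I` output: did the user-agent rule fire, or was a cached
# page served instead? Reads the response headers on stdin.
BLOCK_STATUS=406   # status the rule returns, per the post

classify_response() {
    tr -d '\r' | awk -v block="$BLOCK_STATUS" '
        # First status line only, e.g. "HTTP/2 406" or "HTTP/1.1 200 OK"
        /^HTTP\// && status == "" { status = $2; next }
        # Header names are case-insensitive; keep the cache verdict
        tolower($1) == "x-litespeed-cache:" { cache = tolower($2) }
        END {
            if (status == block)     print "blocked"
            else if (cache ~ /^hit/) print "cache-hit-not-blocked"
            else if (status ~ /^2/)  print "not-blocked"
            else                     print "other:" status
        }'
}

# Live check (needs network): check_site <user-agent> <url>
check_site() {
    curl -sS -I --user-agent "$1" "$2" | classify_response
}

# Responses abridged from the post, used as offline sample input.
sample_blocked() {
    printf '%s\n' 'HTTP/2 406' 'date: Tue, 08 Aug 2023 14:39:30 GMT' \
        'server: LiteSpeed'
}
sample_cached() {
    printf '%s\n' 'HTTP/2 200' 'x-powered-by: PHP/7.4.33' \
        'server: LiteSpeed' 'x-litespeed-cache: hit'
}

# Run against a real site only when a user agent and URL are given.
if [ "$#" -eq 2 ]; then
    check_site "$1" "$2"
fi
```

Running the script with a blocked user agent and a site URL prints one verdict; `cache-hit-not-blocked` is the condition reported in the post.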