Hey all,
I tried getting Modsec and OWASP going today using this tutorial https://openlitespeed.org/kb/openlitespeed-modsecurity-module/.
The block on phpinfo.php works, just the rules don't. I have renamed the crs-setup.conf and the before and after rule files and used the example of the direct path. I have been doing some tests that should be blocked, and it seems it does not recognize the owasp rules. I am somewhat familiar with Modsec/OWASP, have been using it on Nginx and compiling the modules for it myself, never had a single issue it is pretty straightforward on Nginx though the performance on it is dreadful (slow).
I am using the current release, 3.3.2, released on 30th of June 2021, not sure if that has something to do with it, and the modsec modules exist in the correct folders. I cannot find much more information.
Any advice on what I should check?
Thanks all.
I tried getting Modsec and OWASP going today using this tutorial https://openlitespeed.org/kb/openlitespeed-modsecurity-module/.
The block on phpinfo.php works, just the rules don't. I have renamed the crs-setup.conf and the before and after rule files and used the example of the direct path. I have been doing some tests that should be blocked, and it seems it does not recognize the owasp rules. I am somewhat familiar with Modsec/OWASP, have been using it on Nginx and compiling the modules for it myself, never had a single issue it is pretty straightforward on Nginx though the performance on it is dreadful (slow).
I am using the current release, 3.3.2, released on 30th of June 2021, not sure if that has something to do with it, and the modsec modules exist in the correct folders. I cannot find much more information.
Any advice on what I should check?
Thanks all.
Last edited: