Difference between revisions of "Litespeed"
m (→Do the modsecurity rules work with Litespeed) |
m |
||
Line 1: | Line 1: | ||
== Does ASL work with LiteSpeed? == | == Does ASL work with LiteSpeed? == | ||
− | + | Yes, ASL is supported with LiteSpeed. | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
== Do the modsecurity rules work with Litespeed == | == Do the modsecurity rules work with Litespeed == | ||
− | When used with [[ASL]] | + | When used with [[ASL]] all rules work. |
− | + | ||
− | + | ||
− | + | Please see this page for what rule types Litespeed support: | |
http://www.litespeedtech.com/support/wiki/doku.php?id=litespeed_wiki:mod_security_compatibility | http://www.litespeedtech.com/support/wiki/doku.php?id=litespeed_wiki:mod_security_compatibility | ||
Line 31: | Line 17: | ||
# Multi-part Upload protection: Litspeed does not support scanning attached files content in multi-part upload. If you use [[ASL]] you will be able to scan attached files in a multi-part upload. | # Multi-part Upload protection: Litspeed does not support scanning attached files content in multi-part upload. If you use [[ASL]] you will be able to scan attached files in a multi-part upload. | ||
# lua: This is a language that lets us construct advanced rules. Currently they are used for advanced anti-spam protection and advanced SQLi and XSS injection protection. Therefore, these types of rules are not supported by Litespeed, unless you use [[ASL]]. | # lua: This is a language that lets us construct advanced rules. Currently they are used for advanced anti-spam protection and advanced SQLi and XSS injection protection. Therefore, these types of rules are not supported by Litespeed, unless you use [[ASL]]. | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== How to configure the T-WAF for litespeed == | == How to configure the T-WAF for litespeed == | ||
Line 68: | Line 42: | ||
= Questions = | = Questions = | ||
− | == | + | == I've loaded the rules into Litespeed, does that mean they work with Litespeed? == |
− | + | Please see the LSWS official page: | |
− | + | http://www.litespeedtech.com/support/wiki/doku.php?id=litespeed_wiki:mod_security_compatibility | |
− | + | ||
− | + | ||
== I've load the rules in Litspeed, and they are blocking attacks, doesnt that mean they work with Litespeed?== | == I've load the rules in Litspeed, and they are blocking attacks, doesnt that mean they work with Litespeed?== | ||
− | + | Please see the LSWS official page: | |
+ | |||
+ | http://www.litespeedtech.com/support/wiki/doku.php?id=litespeed_wiki:mod_security_compatibility |
Revision as of 14:23, 20 March 2014
Contents |
Does ASL work with LiteSpeed?
Yes, ASL is supported with LiteSpeed.
Do the modsecurity rules work with Litespeed
When used with ASL all rules work.
Please see this page for what rule types Litespeed support:
http://www.litespeedtech.com/support/wiki/doku.php?id=litespeed_wiki:mod_security_compatibility
That means Litespeed does not support the following feature:
- Output analysis: This means Litespeed can not inspect the output from the web server. This means rules like malware detection, malicious shell prevention, brute force protection, data loss protection and other rules that analyze the output from the web server are not supported by Litespeed, unless you use ASL.
- XML inspection: Litespeed has chosen to not support XML inspection, this means XML based attacks are unfortunately not protected on that platform, unless you use ASL.
- Multi-part Upload protection: Litspeed does not support scanning attached files content in multi-part upload. If you use ASL you will be able to scan attached files in a multi-part upload.
- lua: This is a language that lets us construct advanced rules. Currently they are used for advanced anti-spam protection and advanced SQLi and XSS injection protection. Therefore, these types of rules are not supported by Litespeed, unless you use ASL.
How to configure the T-WAF for litespeed
Step 1) Log into ASL.
Step 2) Click on the "Configuration" tab.
Step 3) Click on the "WAF" tab and select "WAF configuration".
Step 4) Click the "Add" button.
Step 5) Select "Local Web Server" from the "Add protection for" drop down.
Step 6) Select the port that litespeed runs on. Normally this is port 80.
Step 7) Check the SSL box
Enter the file system path to your SSL certificate, and SSL key in the "Path to SSL Certificate" and "Path to SSL Key file" boxes.
Step 8) Click Save
Note: Litespeed does not support the WAF in embedded mode.
Questions
I've loaded the rules into Litespeed, does that mean they work with Litespeed?
Please see the LSWS official page:
http://www.litespeedtech.com/support/wiki/doku.php?id=litespeed_wiki:mod_security_compatibility
I've load the rules in Litspeed, and they are blocking attacks, doesnt that mean they work with Litespeed?
Please see the LSWS official page:
http://www.litespeedtech.com/support/wiki/doku.php?id=litespeed_wiki:mod_security_compatibility