Difference between revisions of "Litespeed"

From Atomicorp Wiki
Jump to: navigation, search
(Does ASL work with LiteSpeed?)
(Does ASL work with LiteSpeed?)
Line 1: Line 1:
 
== Does ASL work with LiteSpeed?  ==
 
== Does ASL work with LiteSpeed?  ==
  
Partially, but the Web Application Firewall does not. LiteSpeed has a proprietary implementation of mod_security, the Web Application Firewall (WAF) module we use in Apache.  
+
Partially, but the Web Application Firewall does not. This is because LiteSpeed has a proprietary implementation of mod_security, the Web Application Firewall (WAF) module we use in Apache. '''Litespeeds implementation of mod_security is is neither a drop in replacement for the real mod_security module, nor does it support the full rule set or rule language.  Because of this, it is not compatible with modern mod_security rules and can not protect against modern web attacks.'''
  
Litespeeds implementation of mod_security is is neither a drop in replacement for the real mod_security module, nor does it support the full rule set or rule language.  Because of this, it is not compatible with modern mod_security rules and can not protect against modern web attacks.
+
To currently support LiteSpeed we would have to significantly weaken the rules, and, ironically, they would also be much much slower using LiteSpeeds mod_security implementation.  This is actually not because LiteSpeed is slower than Apache (Litespeed claims the opposite), but because the LiteSpeed WAF module does not support the new rule language in mod_security that allows us to design in massive performance enhancements to the rules.
 
+
To currently support LiteSpeed we would have to significantly weaken the rules, and, ironically, they would also be much much slower using LiteSpeeds mod_security implementation.  This is actually not because LiteSpeed is slower than Apache (Litespeed claims the opposite), but because the LiteSpeed WAF module does not support the new rule language in mod_security that allows us to design in massive performance enhancements.  
+
  
 
If you want to use LiteSpeed, you will either have to forgo web application protection (definitely not recommended), or you will need to install a WAF in front of LiteSpeed to get web application protection, either via a standalone WAF or an apache proxy with our WAF module included.
 
If you want to use LiteSpeed, you will either have to forgo web application protection (definitely not recommended), or you will need to install a WAF in front of LiteSpeed to get web application protection, either via a standalone WAF or an apache proxy with our WAF module included.
  
 
We do encourage you to encourage LiteSpeed to support the full mod_security rule language, and also to document their implementation (we have had no luck finding any documentation on their implementation) - as well as to reply to our emails regarding their product.  We would really like to be able to support it!
 
We do encourage you to encourage LiteSpeed to support the full mod_security rule language, and also to document their implementation (we have had no luck finding any documentation on their implementation) - as well as to reply to our emails regarding their product.  We would really like to be able to support it!

Revision as of 11:11, 4 January 2011

Does ASL work with LiteSpeed?

Partially, but the Web Application Firewall does not. This is because LiteSpeed has a proprietary implementation of mod_security, the Web Application Firewall (WAF) module we use in Apache. Litespeeds implementation of mod_security is is neither a drop in replacement for the real mod_security module, nor does it support the full rule set or rule language. Because of this, it is not compatible with modern mod_security rules and can not protect against modern web attacks.

To currently support LiteSpeed we would have to significantly weaken the rules, and, ironically, they would also be much much slower using LiteSpeeds mod_security implementation. This is actually not because LiteSpeed is slower than Apache (Litespeed claims the opposite), but because the LiteSpeed WAF module does not support the new rule language in mod_security that allows us to design in massive performance enhancements to the rules.

If you want to use LiteSpeed, you will either have to forgo web application protection (definitely not recommended), or you will need to install a WAF in front of LiteSpeed to get web application protection, either via a standalone WAF or an apache proxy with our WAF module included.

We do encourage you to encourage LiteSpeed to support the full mod_security rule language, and also to document their implementation (we have had no luck finding any documentation on their implementation) - as well as to reply to our emails regarding their product. We would really like to be able to support it!

Personal tools