Comments (3)
Hi @admiral504,
you've tagged this issue with 2.x
, but as I know OpenLiteSpeed uses libmodsecurity3 - doesn't it?
Btw. would you take a look to our issue template, and fill the issue with expected content?
Based on your report, there is no any relevant information, eg.: what's the problem? What do you see in your error log? What do you mean when you write "rule does not seems to work"?
from modsecurity.
Hi @admiral504,
you've tagged this issue with
2.x
, but as I know OpenLiteSpeed uses libmodsecurity3 - doesn't it?Btw. would you take a look to our issue template, and fill the issue with expected content?
Based on your report, there is no any relevant information, eg.: what's the problem? What do you see in your error log? What do you mean when you write "rule does not seems to work"?
I found in /usr/local/lsws/logs/error.log
2024-06-10 12:33:01.730873 [NOTICE] Loading LiteSpeed/1.7.19 Open (lsquic 3.3.2, modgzip 1.1, cache 1.66, mod_security 1.4 (with libmodsecurity v3.0.12)) BUILD (built: Tue Apr 16 15:14:26 UTC 2024) ...
Do you think im using mod_security ver 1.4 or 3.0.12.
These packages come with cyberpanel install.
Rule does not seems to work
I mean, after I placed the rule in /usr/local/lsws/conf/modsec/rules.conf and then restarted OpenLiteSpeed. Afterward, I made several requests by repeatedly crawling at Facebook Debugger.
However, all the requests still returned a status of 200, not the expected 429
"172.68.26.8 - - [11/Jun/2024:01:21:31 +0700] "GET /robots.txt HTTP/1.1" 200 128 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"" "172.71.174.164 - - [11/Jun/2024:01:21:32 +0700] "GET / HTTP/1.1" 200 34326 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"" "162.158.175.172 - - [11/Jun/2024:01:21:32 +0700] "GET / HTTP/1.1" 200 34326 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"" "172.71.166.170 - - [11/Jun/2024:01:21:34 +0700] "GET / HTTP/1.1" 200 34331 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"" "172.68.26.185 - - [11/Jun/2024:01:21:36 +0700] "GET / HTTP/1.1" 200 34326 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"" "162.158.114.2 - - [11/Jun/2024:01:21:38 +0700] "POST /wp-cron.php?doing_wp_cron=1718043698.6080009937286376953125 HTTP/1.1" 200 0 "-" "WordPress/6.5.3; https://truyenthongdps.com"" "172.69.65.211 - - [11/Jun/2024:01:21:37 +0700] "GET / HTTP/1.1" 200 34329 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"" "172.68.26.185 - - [11/Jun/2024:01:21:40 +0700] "GET / HTTP/1.1" 200 34326 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"" "172.68.26.37 - - [11/Jun/2024:01:21:41 +0700] "GET / HTTP/1.1" 200 34331 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"" "172.69.65.34 - - [11/Jun/2024:01:21:45 +0700] "GET / HTTP/1.1" 200 34326 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"".
from modsecurity.
I found in /usr/local/lsws/logs/error.log
2024-06-10 12:33:01.730873 [NOTICE] Loading LiteSpeed/1.7.19 Open (lsquic 3.3.2, modgzip 1.1, cache 1.66, mod_security 1.4 (with libmodsecurity v3.0.12)) BUILD (built: Tue Apr 16 15:14:26 UTC 2024) ...
Do you think im using mod_security ver 1.4 or 3.0.12.
I think you use libmodsecurity3, version 3.0.12, and your LightSpeed connector's version is 1.4.
Rule does not seems to work I mean, after I placed the rule in /usr/local/lsws/conf/modsec/rules.conf and then restarted OpenLiteSpeed. Afterward, I made several requests by repeatedly crawling at Facebook Debugger. However, all the requests still returned a status of 200, not the expected 429
there might be several reason why your rules don't work:
- your engine is turned off/in detection only mode (see SecRuleEngine settings)
- your rule's condition does not match with parameters
Please note that pause
action does not support in libmodsecurity3
- see the reference.
Could you try to turn of your debug.log, and send a request, then check that log? Set the loglevel to 9
. It's enough for few requests.
from modsecurity.
Related Issues (20)
- [BUG] multiMatch lead to unexpected match HOT 1
- Detect user agent and execute action HOT 1
- Bazel build on Windows HOT 4
- [FEATURE] Add a new `t:removeSQLComments` transformation HOT 2
- Mod3 ./configuration show missing HOT 2
- configure: error: PCRE2 was explicitly referenced but it was not found in v3.0.12 HOT 3
- Discussion about 'hostname' field in log HOT 9
- after scan coreruleset-main.zip by Microsoft defender for business version. HOT 2
- libModSecurity3: all triggered rule IDs sometimes won't be logged with anomaly scoring HOT 3
- Review and document multi-threading support and limitations HOT 4
- Hub f u HOT 1
- He
- The HOT 1
- rx: regex error 'MATCH_LIMIT' for pattern HOT 1
- When used in conjunction with nginx, requests to the root route are always loaded twice. HOT 4
- An error occurred when compiling and installing modsecurity HOT 3
- How do variables work HOT 5
- Query latest release returns a 2.x version rather than a 3.x version HOT 4
- mod_security2 v2.9.8 cannot be compiled with a specific CFLAG HOT 3
- ModSecurity GeoIP Lookup Issue with No Geo Data HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from modsecurity.