LiteSpeed Web Server Users' Manual

Version 5.1 Rev. 4

Request Filtering

LiteSpeed's request filter is equivalent to Apache's mod_security. There are two separate rule systems. Rules configured from the WebAdmin console only apply to virtual hosts configured via the WebAdmin console in native XML. For virtual hosts configured through Apache httpd.conf, you need to configure mod_security rules through httpd.conf, just as you would with Apache.

Table of Contents

Request Filter

Enable Request Filtering | Log Level | Default Action | Scan Request Body | Temporary File Path | Temporary File Permissions | Disable .htaccess Override | Enable Security Audit Log | Security Audit Log

Request Filtering Rule Set

Name | Rule Set Action | Enabled | Rules Definition

Enable Request Filtering

Description

Specifies whether to enable deep inspection of request content. This feature is equivalent to Apache's mod_security, which can be used to detect and block malicious requests by matching them against known signatures.

Syntax

Select from radio box

Log Level

Description

Specifies the level of detail of the request filtering engine's debug output. This value ranges from 0 to 9. 0 disables logging. 9 produces the most detailed log. The Log Level of the server and virtual host error logs must be set to at least INFO for this option to take effect. This is useful when testing request filtering rules.

Syntax

Integer number

See Also

Server Log Level, Virtual Host Log Level

Default Action

Description

Specifies the default actions to take when a censoring rule is matched. Default value is deny,log,status:403, which means to deny access with status code 403 and log the incident in the error log.

See Also

Rule Set Action

Scan Request Body

Description

Specifies whether to check the body of an HTTP POST request. Default is "No".

Syntax

Select from radio box

Temporary File Path

Description

Temporary directory where files being uploaded to the server are stored while the request body parser is working. Default value is /tmp.

Syntax

Absolute path or path starting with $SERVER_ROOT (for Server and VHost levels).

Temporary File Permissions

Description

Global setting determining file permissions used for files stored in the Temporary File Path directory.

Syntax

3-digit octal number. Default value is 666.

Disable .htaccess Override

Description

Prevents the mod_security engine from being turned off in .htaccess files. This is a global setting only available at the server level. Default is "No".

Syntax

Select from radio box

Enable Security Audit Log

Description

Specifies whether to enable audit logging. This feature is equivalent to Apache's mod_security audit engine. If it is enabled and Security Audit Log is set, detailed request information will be saved.

Syntax

Select from radio box

See Also

Security Audit Log

Security Audit Log

Description

Specifies the path of the security audit log, which gives more detailed information. This extra information can be useful if, for example, you wish to track the actions of a particular user. Use Enable Security Audit Log to turn on the logging.

Syntax

File name, which can be an absolute path or a path relative to $SERVER_ROOT.

See Also

Enable Security Audit Log

Request Filtering Rule Set

Description

Rules configured here only work for virtual hosts configured with a native LSWS configuration, not for virtual hosts using Apache httpd.conf.

Name

Description

Give a group of censorship rules a name. For display only.

Syntax

String

Rule Set Action

Description

Specifies the actions to take when a censoring rule in the current rule set is matched. If not set, Default Action will be used.

Syntax

String. This action string uses the same syntax as Apache's mod_security SecDefaultAction directive.

Enabled

Description

Specifies whether to enable this rule set. With this option, a rule set can be quickly turned on and off without adding or removing the rule set. Default is "Yes".

Syntax

Select from radio box

Rules Definition

Description

Specifies a list of censorship rules.

If you are using an Apache config file, you have to set up rules in httpd.conf. Rules defined here will have no effect.

Syntax

String. Syntax of censoring rules follows that of Apache's mod_security directives. "SecFilter", "SecFilterSelective", and "SecRule" can be used here. You can copy and paste security rules from an Apache configuration file.

For more details about rule syntax, please refer to the Mod Security documentation.
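
The following rule set is an added illustration for the Rules Definition field, not an example from the LiteSpeed manual or a vendor-supplied signature set. The patterns and the variables REQUEST_URI and ARGS are assumptions chosen for the example; the directives and the action strings are the ones named on this page.

```apache
# Constructed example for the "Rules Definition" field.
# Applies only to virtual hosts in native LSWS configuration.
# Patterns are illustrative assumptions; test with Log Level raised
# (and the error log at INFO or higher) before relying on them.

# mod_security 1.x form, no action list given on the rule:
# the Rule Set Action is used, or the Default Action
# (deny,log,status:403) when the rule set defines none.
SecFilterSelective REQUEST_URI "\.\./"

# Same form with an explicit per-rule action list in
# SecDefaultAction syntax.
SecFilterSelective ARGS "<script" "deny,log,status:403"

# Bare keyword filter. The body of a POST request is inspected
# only when "Scan Request Body" is set to Yes.
SecFilter "/etc/passwd"

# mod_security 2.x form: variable list, regular expression, actions.
SecRule ARGS|REQUEST_URI "union[[:space:]]+select" "deny,log,status:403"
```

With Enable Security Audit Log on and a Security Audit Log path set, detailed request information for matches is saved to that file as well as the error log entry produced by the log action.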

Tips

Rules configured here only work for vhosts configured in native LSWS configuration, not for vhosts from Apache httpd.conf.