LiteSpeed Web Server Users' Manual

Version 4.2 Rev. 5

Request Filtering

LiteSpeed's request filter is equivalent to that in Apache's mod_security. There are two separate rule systems. Rules configured from the WebAdmin console only work for virtual hosts configured via the WebAdmin console in native XML. For virtual hosts configured through Apache httpd.conf, you need to configure mod_security rules through httpd.conf, just as you would with Apache.

Table of Contents

Request Filter

Enable Request Filtering | Log Level | Default Action | Scan Request Body | Disable .htaccess Override | Enable Security Audit Log | Security Audit Log

Request Filtering Rule Set

Name | Rule Set Action | Enabled | Rules Definition

Enable Request Filtering
Description: Specifies whether to enable deep inspection of request content. This feature is equivalent to Apache's mod_security and can be used to detect and block malicious requests by matching them against known signatures.
Syntax: Select from radio box
Log Level
Description: Specifies the level of detail of the request filtering engine's debug output. This value ranges from 0 to 9. 0 disables logging. 9 produces the most detailed log. The Log Level of the server's and virtual host's error log must be set to at least INFO for this option to take effect. This is useful when testing your request filtering rules.
Syntax: Integer number
See Also: Server Log Level, Virtual Host Log Level
Default Action
Description: Specifies the default actions that should be taken when a censoring rule is met. Default value is deny,log,status:403, which means to deny access with status code 403 and log the incident in the error log.
Syntax: String. This action string is compatible with the syntax of Apache mod_security. Please refer to the mod_security manual for more detail.
See Also: Rule Set Action
Scan Request Body
Description: Specifies whether to check the body of an HTTP POST request. Default is "No".
Syntax: Select from radio box
Disable .htaccess Override
Description: Specifies whether to disable .htaccess override. This is a global setting, only available at the server level. Default is "No".
Syntax: Select from radio box
Enable Security Audit Log
Description: Specifies whether to enable audit logging. This feature is equivalent to Apache's mod_security audit engine. If it is enabled and Security Audit Log is set, detailed request information will be saved.
Syntax: Select from radio box
See Also: Security Audit Log
Security Audit Log
Description: Specifies the path of the security audit log, which gives more detailed information. This extra information can be useful if, for example, you wish to track the actions of a particular user. Use Enable Security Audit Log to turn on the logging.
Syntax: File name which can be an absolute path or relative to $SERVER_ROOT.
See Also: Enable Security Audit Log
Request Filtering Rule Set
Description: Rules configured here only work for virtual hosts configured with a native LSWS configuration, not for virtual hosts using Apache httpd.conf.
Name
Description: Give a group of censorship rules a name. For display only.
Syntax: String
Rule Set Action
Description: Specifies the actions that should be taken when a censoring rule in the current rule set is met. If not set, Default Action will be used.
Syntax: String. This action string uses the same syntax as the SecDefaultAction directive in Apache mod_security. Please refer to the mod_security manual for more details.
Enabled
Description: Specifies whether to enable this rule set. With this option, a rule set can be quickly turned on and off without adding or removing the rule set. Default is "Yes".
Syntax: Select from radio box
Rules Definition
Description: Specifies a list of censorship rules.

If you are using an Apache config file, you have to set up rules in httpd.conf. Rules defined here will have no effect.
Syntax: String. Syntax of censoring rules follows that of Apache's mod_security directives. "SecFilter", "SecFilterSelective", and "SecRule" can be used here. You can copy and paste security rules from an Apache configuration file.

For more details about rule syntax, please refer to the Mod Security documentation.
Tips: Rules configured here only work for vhosts configured in native LSWS configuration, not for vhosts from Apache httpd.conf.
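
Example (added here for illustration; not part of the LiteSpeed manual): one possible Rules Definition for a single rule set, using the three directives named above together with per-rule action strings. The patterns are constructed, and it is an assumption that this LiteSpeed version accepts each variable name shown; they are standard mod_security names.

```apache
# Constructed example for the Rules Definition field of one rule set.
# Settings assumed elsewhere on this page:
#   Enable Request Filtering = Yes
#   Default Action           = deny,log,status:403   (documented default)
#   Rule Set Action          = (not set, so Default Action applies)

# mod_security 1.x style, no location and no action.
# In mod_security 1.x, SecFilter is applied to the request line and,
# when body scanning is on, to the POST body.
# With no action given, the Rule Set Action / Default Action is used.
SecFilter "\.\./"

# mod_security 1.x style, limited to named locations.
# The third argument overrides the default action for this rule only:
# "pass,log" records the match without blocking, which is a safe way
# to trial a new rule before switching it to deny.
SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$" "pass,log"

# mod_security 2.x style: variable, operator (regex), actions.
# Refuses requests for version-control metadata and answers 404
# instead of 403.
SecRule REQUEST_URI "/\.(svn|git)/" "deny,log,status:404"

# Rule over request parameters. Parameters sent in a POST body are
# only inspected when Scan Request Body = Yes (its default is "No"),
# so with the default setting this rule sees query-string values only.
SecRule ARGS "<script" "deny,log,status:403"
```

While tuning rules like these, raise the request filter Log Level and keep the error log Log Level at INFO or more verbose, as described under Log Level, so that matches are visible.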