LiteSpeed Web Server offers excellent ModSecurity compatibility. It allows sophisticated rules for filtering out attacking requests by checking for known attack signatures. LSWS has built-in WAF security features to block bad connections. LiteSpeed also works well with popular mod_security rule sets such as Owasp, Atomicorp, Comodo and CloudLinux Imunify360.
In a control panel environment, you would enable ModSecurity for LSWS the same way you would do it for Apache. Alternately, you can enable WAF rules in a non-control panel environment with LSWS native.
The most common environment is a cPanel server. You can just use cPanel ModSecurity Vendors to enable one of the ModSecurity rules sets, Owasp, Atomicorp, Comodo or CloudLinux Imunify360.
If you find a test case that seems to not work with LSWS, the most common troubleshooting step is to switch to Apache, and make sure your test case is working with Apache first. Most of the time, the rule set should behave the same for both servers.
If you do identify some test case that works for Apache but not LSWS, please provide detailed steps so that we may reproduce the issue. This includes (but is not limited to):
- What rule set are you using?
- Which rule ID doesn't work?
- What are the steps to make it work with Apache?
- Include the URL and ModSecurity log.
Once you've provided the above, we can take a further look.
