WordPress Failed Logon

Posted: Wed Nov 12, 2014 5:51 am
by innovot
Hello:

We have the purchased rule set and are attempting to configure it with LiteSpeed. We have installed WPsyslog2 onto one of our sites and made a bad logon attempt. It was correctly written to syslog with the following:

Code:

Nov 12 09:20:52 ws1 core[8661]: [XXX.XXX.XXX.XXX na] http://www.somesite.com Info: User authentication failed. User name: badperson

but no OSSEC rule triggered. We have looked at the decoder 50-asl-wordpress-decoder.xml, but that suggests each line should start with a program name of WPsyslog:

Code:

<decoder name="wordpress">
  <program_name>^WPsyslog</program_name>
  <prematch>^[</prematch>
  <regex offset="after_prematch">^(\d+.\d+.\d+.\d+) </regex>
  <order>srcip</order>
</decoder>

What are we doing wrong, please?
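
As an added illustration (not part of the original post, and not OSSEC or ASL code), the following Python applies the three conditions of the quoted decoder to the posted syslog line and reports the first one that fails. The syslog header split and the translation of the OSSEC patterns into Python `re` syntax are assumptions made for this example, and the second input line is constructed.

```python
import re

# Simplified model of syslog pre-decoding (an assumption of this example):
# "<timestamp> <host> <program>[pid]: <message>"
SYSLOG = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) ([^\s\[:]+)(?:\[\d+\])?: (.*)$"
)

# The three patterns of the "wordpress" decoder quoted in the post,
# hand-translated to Python re (here '.' and '[' are escaped as literals).
PROGRAM_NAME = re.compile(r"^WPsyslog")
PREMATCH = re.compile(r"^\[")
REGEX_AFTER_PREMATCH = re.compile(r"^(\d+\.\d+\.\d+\.\d+) ")


def decode(line):
    """Return the decoder condition that stops the line, or the srcip."""
    header = SYSLOG.match(line)
    if not header:
        return {"matched": False, "failed_at": "syslog_header"}
    program, message = header.group(3), header.group(4)
    result = {"matched": False, "program": program}
    if not PROGRAM_NAME.search(program):
        result["failed_at"] = "program_name"
        return result
    pre = PREMATCH.search(message)
    if not pre:
        result["failed_at"] = "prematch"
        return result
    # offset="after_prematch": the regex starts where the prematch ended.
    field = REGEX_AFTER_PREMATCH.search(message[pre.end():])
    if not field:
        result["failed_at"] = "regex"
        return result
    return {"matched": True, "program": program, "srcip": field.group(1)}


# Line from the post (address masked by the poster).
POSTED = ("Nov 12 09:20:52 ws1 core[8661]: [XXX.XXX.XXX.XXX na] "
          "http://www.somesite.com Info: User authentication failed. "
          "User name: badperson")
# Constructed line: same event, with the program name the decoder expects
# and a documentation address (203.0.113.7) in place of the mask.
CONSTRUCTED = POSTED.replace("core[", "WPsyslog[").replace(
    "XXX.XXX.XXX.XXX", "203.0.113.7")

if __name__ == "__main__":
    for sample in (POSTED, CONSTRUCTED):
        print(decode(sample))
```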

Re: WordPress Failed Logon

Posted: Fri Nov 14, 2014 5:14 pm
by mikeshinn
Brute force detection and shunning isn't accomplished using that plugin. It's done with ModSecurity. Unfortunately, LiteSpeed doesn't support the brute force detection rules, because they don't do output detection. If you use ASL, however, you can protect LiteSpeed with our WAF and brute force detection will work just fine.

Otherwise, we recommend you open a case with LiteSpeed about supporting output scanning in their ModSecurity-like implementation.

Re: WordPress Failed Logon

Posted: Sun Nov 16, 2014 9:35 am
by innovot
Thanks Mike. I believe we shall switch back to Apache 2.4 if we cannot use those features.

Re: WordPress Failed Logon

Posted: Sun Nov 16, 2014 3:30 pm
by mikeshinn
Just enable a local WAF in ASL on ports 80 and 443; this puts a fully functional WAF in front of LiteSpeed. Then you can use output rules with LiteSpeed (or any webserver or HTTP/HTTPS based service for that matter) to your heart's content.

https://www.atomicorp.com/wiki/index.php/ASL_WAF#local

Re: WordPress Failed Logon

Posted: Mon Nov 17, 2014 4:21 am
by innovot
Mike: does ASL have a single GUI with distributed agents when installed on multiple servers, or does each have its own GUI?

Re: WordPress Failed Logon

Posted: Mon Nov 17, 2014 12:21 pm
by mikeshinn
Thank you for the question. ASL is designed like cPanel, Plesk and other control panels, so there is a control panel for each server.

If you want to put a single ASL instance in front of a bunch of servers, we also offer a traditional WAF appliance version of ASL for this purpose.

Re: WordPress Failed Logon

Posted: Sun Dec 28, 2014 9:33 am
by innovot
Mike:

Would you be able to PM details of your WAF solutions, please?

Thank you.