{"id":3333,"date":"2026-02-15T06:00:00","date_gmt":"2026-02-15T09:00:00","guid":{"rendered":"https:\/\/helpsysadmin.com.br\/blog\/?p=3333"},"modified":"2026-04-27T12:01:29","modified_gmt":"2026-04-27T15:01:29","slug":"configurar-modsecurity-nginx-litespeed-guia-pratico","status":"publish","type":"post","link":"https:\/\/helpsysadmin.com.br\/blog\/configurar-modsecurity-nginx-litespeed-guia-pratico\/","title":{"rendered":"WAF na Pr\u00e1tica: Configurando ModSecurity no LiteSpeed e Nginx sem Quebrar sua Aplica\u00e7\u00e3o"},"content":{"rendered":"<div id=\"helps-1836244144\" class=\"helps-before-content-2 helps-entity-placement\"><script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3661896953164277\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<!-- 2anuncios display quadrado -->\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-client=\"ca-pub-3661896953164277\"\r\n     data-ad-slot=\"5051229894\"\r\n     data-ad-format=\"auto\"\r\n     data-full-width-responsive=\"true\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script><\/div>\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/helpsysadmin.com.br\/blog\/configurar-login-automatico-phpmyadmin\/\" data-internallinksmanager029f6b8e52c=\"3\" title=\"Como Configurar Login Autom\u00e1tico no phpMyAdmin via DirectAdmin\">Configurar<\/a> ModSecurity. Configurar um WAF (Web Application Firewall) como o ModSecurity \u00e9 como instalar um sistema de alarme: se voc\u00ea calibrar mal, ele vai disparar toda vez que o vento bater na janela, e logo voc\u00ea vai querer deslig\u00e1-lo.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">O segredo para n\u00e3o &#8220;quebrar&#8221; sua aplica\u00e7\u00e3o (gerar falsos positivos que bloqueiam usu\u00e1rios leg\u00edtimos) reside em uma abordagem gradual: <strong>Detec\u00e7\u00e3o &gt; Ajuste Fino &gt; Bloqueio.<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Aqui est\u00e1 o guia pr\u00e1tico para Nginx e LiteSpeed.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Implementar um Web Application Firewall como o ModSecurity \u00e9 uma das pr\u00e1ticas mais importantes para proteger aplica\u00e7\u00f5es web contra ataques automatizados e vulnerabilidades comuns. No entanto, a seguran\u00e7a n\u00e3o depende apenas do firewall, mas tamb\u00e9m da forma como a infraestrutura foi projetada. Para entender como estruturar corretamente esse ambiente, veja tamb\u00e9m o guia sobre <strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/arquitetura-servidor-web-producao\/\">arquitetura de servidor web em produ\u00e7\u00e3o<\/a><\/strong>.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-1-a-regra-de-ouro-comece-com-detection-only\">1. A Regra de Ouro: Comece com &#8220;Detection Only&#8221;<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">O erro n\u00famero 1 \u00e9 ativar o <strong><a href=\"https:\/\/modsecurity.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">ModSecurity<\/a><\/strong> j\u00e1 no modo de bloqueio. <strong>N\u00e3o fa\u00e7a isso.<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">No seu arquivo de configura\u00e7\u00e3o principal (<code>modsecurity.conf<\/code>), a primeira diretiva que voc\u00ea deve verificar \u00e9 o <code>SecRuleEngine<\/code>.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Errado (para o dia 1):<\/strong> <code>SecRuleEngine On<\/code> (Vai bloquear tr\u00e1fego leg\u00edtimo sem aviso).<\/li>\n\n\n\n<li><strong>Correto:<\/strong> <code>SecRuleEngine DetectionOnly<\/code><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Neste modo, o ModSecurity processa as regras e grava os alertas no log, mas <strong>n\u00e3o bloqueia<\/strong> a requisi\u00e7\u00e3o. Isso permite que voc\u00ea veja o que <em>seria<\/em> bloqueado.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-2-escolhendo-as-regras-owasp-crs\">2. Escolhendo as Regras: OWASP CRS<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">O ModSecurity \u00e9 apenas o motor; ele precisa de combust\u00edvel (regras). O padr\u00e3o da ind\u00fastria \u00e9 o<strong><a href=\"https:\/\/github.com\/coreruleset\/coreruleset\/releases\"> OWASP Core Rule Set (CRS).<\/a><\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Dica de Configura\u00e7\u00e3o (crs-setup.conf):<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">O CRS funciona com &#8220;N\u00edveis de Paranoia&#8221; (Paranoia Levels &#8211; PL).<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>PL1 (Padr\u00e3o):<\/strong> Baixo risco de falsos positivos. Bloqueia ataques \u00f3bvios (SQLi b\u00e1sico, XSS). <strong>Comece aqui.<\/strong><\/li>\n\n\n\n<li><strong>PL2+:<\/strong> Aumenta a rigidez, mas exige muito mais ajuste fino (whitelist).<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-3-implementacao-pratica\">3. Implementa\u00e7\u00e3o Pr\u00e1tica<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-cenario-a-nginx-com-libmodsecurity3\">Cen\u00e1rio A: Nginx (com libmodsecurity3)<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Certifique-se de que o m\u00f3dulo est\u00e1 compilado\/carregado.<\/li>\n<\/ul>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\"><\/ol>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-cenario-b-litespeed-lsws-ou-openlitespeed\">Cen\u00e1rio B: LiteSpeed (LSWS ou OpenLiteSpeed)<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">O <strong><a href=\"https:\/\/www.litespeedtech.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">LiteSpeed<\/a><\/strong> tem um motor de WAF embutido de alt\u00edssima performance que l\u00ea regras compat\u00edveis com Apache.<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li>Acesse o <strong>WebAdmin Console<\/strong>.<\/li>\n\n\n\n<li>V\u00e1 em <strong>Server Configuration &gt; Security &gt; WAF<\/strong>.<\/li>\n\n\n\n<li><strong>Enable WAF:<\/strong> Yes.<\/li>\n\n\n\n<li><strong>Log Level:<\/strong> DEBUG (apenas durante a fase de ajuste, depois mude para NOTICE).<\/li>\n\n\n\n<li><strong>SecRuleEngine:<\/strong> DetectionOnly (Cuidado: o LiteSpeed permite configurar isso por Vhost tamb\u00e9m).<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">Ferramentas como ModSecurity funcionam como uma camada adicional de prote\u00e7\u00e3o no servidor web. Em ambientes de produ\u00e7\u00e3o, essa camada costuma fazer parte de uma estrutura maior de infraestrutura, que inclui balanceamento de carga, cache e isolamento de aplica\u00e7\u00f5es dentro de uma <strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/arquitetura-servidor-web-producao\/\">arquitetura de servidores web em produ\u00e7\u00e3o<\/a><\/strong>.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-4-a-fase-de-tuning-ajuste-fino\">4. A Fase de Tuning (Ajuste Fino)<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Deixe o site rodando em <code>DetectionOnly<\/code> por cerca de uma semana (ou execute testes automatizados de tr\u00e1fego). Agora, vamos analisar os logs.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Onde olhar:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Nginx: Geralmente <code>\/var\/log\/nginx\/modsec_audit.log<\/code><\/li>\n\n\n\n<li>LiteSpeed: Log de erro do servidor ou log espec\u00edfico de seguran\u00e7a definido na config.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-exemplo-pratico-de-falso-positivo\">Exemplo Pr\u00e1tico de Falso Positivo<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Digamos que voc\u00ea tem um CMS onde salva posts. O ModSecurity pode achar que o HTML do seu post \u00e9 um ataque XSS.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Log (Simplificado):<\/strong><\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\"><code>Message: Access denied with code 403... [id \"941160\"] [msg \"NoScript XSS InjectionChecker: HTML Injection\"] [uri \"\/admin\/save_post.php\"]<\/code><\/p>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Como corrigir sem desligar o WAF inteiro:<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">N\u00e3o remova a regra 941160 globalmente! Em vez disso, crie uma exce\u00e7\u00e3o cir\u00fargica.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>A sintaxe de exclus\u00e3o (Adicione isso em um arquivo <code>whitelist.conf<\/code> carregado AP\u00d3S as regras do CRS):<\/strong><\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>Op\u00e7\u00e3o Bruta (Desativar a regra para o site todo):<\/strong><em>N\u00e3o recomendado.<\/em><\/li>\n\n\n\n<li><strong>Op\u00e7\u00e3o Cir\u00fargica (Recomendada):<\/strong>Desativar a regra <em>apenas<\/em> para aquela URL espec\u00edfica ou par\u00e2metro.<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-5-o-grande-dia-virada-de-chave\">5. O Grande Dia: Virada de Chave<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Depois de monitorar os logs e criar as exce\u00e7\u00f5es para o tr\u00e1fego leg\u00edtimo, seus logs devem estar limpos de falsos positivos, mostrando apenas tentativas reais de ataque ou scans de bots.<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li>Volte ao <code>modsecurity.conf<\/code> (ou painel do LiteSpeed).<\/li>\n\n\n\n<li>Altere para: <code>SecRuleEngine On<\/code>.<\/li>\n\n\n\n<li>Reinicie o servidor web.<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">Configurar corretamente o ModSecurity \u00e9 um passo importante para melhorar a seguran\u00e7a de aplica\u00e7\u00f5es web. No entanto, a prote\u00e7\u00e3o do ambiente depende tamb\u00e9m de uma infraestrutura bem planejada, incluindo configura\u00e7\u00e3o de servidores, balanceamento e monitoramento. Para aprofundar esse tema, veja tamb\u00e9m o guia completo sobre <strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/arquitetura-servidor-web-producao\/\">arquitetura de servidor web em produ\u00e7\u00e3o<\/a><\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-faq\">FAQ<\/h2>\n\n\n\n<div class=\"schema-faq wp-block-yoast-faq-block\"><div class=\"schema-faq-section\" id=\"faq-question-1770780143279\"><strong class=\"schema-faq-question\">Por que o ModSecurity est\u00e1 bloqueando meu painel de administra\u00e7\u00e3o?<\/strong> <p class=\"schema-faq-answer\">Geralmente, isso \u00e9 um &#8220;falso positivo&#8221;. O ModSecurity identifica padr\u00f5es no HTML ou nos formul\u00e1rios do seu CMS (como WordPress ou Magento) que se assemelham a ataques SQL Injection ou XSS. A solu\u00e7\u00e3o \u00e9 analisar o ID da regra no log de erro e criar uma exclus\u00e3o (whitelist) espec\u00edfica para aquela URL.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1770780177337\"><strong class=\"schema-faq-question\"><strong>Qual a diferen\u00e7a entre ModSecurity no Nginx e no LiteSpeed?<\/strong><\/strong> <p class=\"schema-faq-answer\">No Nginx, o ModSecurity funciona como um m\u00f3dulo externo (libmodsecurity3) que precisa ser compilado ou carregado, e as regras ficam no bloco <code>server<\/code>. No LiteSpeed (LSWS e OpenLiteSpeed), o motor WAF j\u00e1 \u00e9 nativo, oferecendo maior performance e compatibilidade direta com regras do Apache, gerenciado via interface WebAdmin.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1770780225067\"><strong class=\"schema-faq-question\">O que \u00e9 o modo &#8220;DetectionOnly&#8221;?<\/strong> <p class=\"schema-faq-answer\">\u00c9 o modo de &#8220;apenas detec\u00e7\u00e3o&#8221;. Quando ativado (<code>SecRuleEngine DetectionOnly<\/code>), o WAF analisa o tr\u00e1fego e grava os ataques no log, mas <strong>n\u00e3o bloqueia<\/strong> o usu\u00e1rio. \u00c9 essencial usar este modo durante a primeira semana de configura\u00e7\u00e3o para ajustar as regras sem tirar o site do ar.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1770780250737\"><strong class=\"schema-faq-question\">O OWASP Core Rule Set (CRS) deixa o site lento?<\/strong> <p class=\"schema-faq-answer\">O impacto na performance depende do n\u00famero de regras ativadas e do &#8220;Paranoia Level&#8221; (PL). O PL1 (padr\u00e3o) \u00e9 otimizado para baixo impacto. No entanto, em servidores com poucos recursos, o processamento de express\u00f5es regulares (Regex) do WAF pode adicionar alguns milissegundos \u00e0 lat\u00eancia. O LiteSpeed tende a processar essas regras mais r\u00e1pido que o Nginx + ModSecurity.<\/p> <\/div> <\/div>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-veja-mais\"><strong>Veja Mais:<\/strong><br><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/identificar-cpu-steal-io-lento-latencia\/\">Como Identificar CPU Steal, I\/O Lento e Lat\u00eancia Vari\u00e1vel em Servidores Linux<\/a><\/strong><br><strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/diagnosticar-problemas-disco-linux\/\">Como diagnosticar problemas de disco em servidores Linux<\/a><\/strong><br><strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/reduzindo-ruido-monitoramento-servidores\/\">Reduzindo Ru\u00eddo em Monitoramento de Servidores<\/a><\/strong><br><strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/arquitetura-servidor-web-producao\/\">Arquitetura de Servidor Web em Produ\u00e7\u00e3o<\/a><\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/helpsysadmin.com.br\/blog\/imunify360-vs-crowdsec-comparativo\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Imunify360 vs CrowdSec: Qual o Melhor Firewall para Linux?<\/strong><\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/helpsysadmin.com.br\/blog\/configuracao-do-firewall-ovh\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Configura\u00e7\u00e3o do firewall OVH<\/strong><\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/helpsysadmin.com.br\/blog\/guia-completo-do-directadmin-para-administradores\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Guia Completo do DirectAdmin para Administradores | Instala\u00e7\u00e3o, Seguran\u00e7a e Performance<\/strong><\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/helpsysadmin.com.br\/blog\/erros-comuns-servidores-de-hospedagem\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Erros comuns ao administrar servidores de hospedagem<\/strong><\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/helpsysadmin.com.br\/blog\/apache-vs-nginx-vs-litespeed-benchmarks\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Guerra dos Web Servers: Apache vs. Nginx vs. Litespeed \u2013 Benchmarks reais.<\/strong><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Configurar ModSecurity. Configurar um WAF (Web Application Firewall) como o ModSecurity \u00e9 como instalar um sistema de alarme: se voc\u00ea calibrar mal, [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":3334,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4197],"tags":[3451,2916,2634,3445,24,3449,3455,3447,3453,3443],"class_list":["post-3333","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-seguranca-e-hardening","tag-firewall-aplicacao","tag-hardening","tag-litespeed","tag-modsecurity","tag-nginx","tag-owasp-crs","tag-protecao-wordpress","tag-seguranca-web","tag-servidores-linux-4","tag-waf"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.9 (Yoast SEO v27.9) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>WAF na Pr\u00e1tica: Configurando ModSecurity no LiteSpeed e Nginx<\/title>\n<meta name=\"description\" content=\"Como Configurar ModSecurity no Nginx e LiteSpeed (Sem Quebrar o Site) Alternativa: Guia ModSecurity: Configura\u00e7\u00e3o Segura para Nginx e LiteSpeed\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/helpsysadmin.com.br\/blog\/configurar-modsecurity-nginx-litespeed-guia-pratico\/\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"WAF na Pr\u00e1tica: Configurando ModSecurity no LiteSpeed e Nginx sem Quebrar sua Aplica\u00e7\u00e3o\" \/>\n<meta property=\"og:description\" content=\"Como Configurar ModSecurity no Nginx e LiteSpeed (Sem Quebrar o Site) Alternativa: Guia ModSecurity: Configura\u00e7\u00e3o Segura para Nginx e LiteSpeed\" \/>\n<meta property=\"og:url\" content=\"https:\/\/helpsysadmin.com.br\/blog\/configurar-modsecurity-nginx-litespeed-guia-pratico\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog HelpSysAdmin\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-15T09:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-27T15:01:29+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/mlkpd8g42nae.i.optimole.com\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/uploads\/2026\/02\/waf.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1400\" \/>\n\t<meta property=\"og:image:height\" content=\"633\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"HelpSysAdmin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@brhelpsysad\" \/>\n<meta name=\"twitter:site\" content=\"@brhelpsysad\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/configurar-modsecurity-nginx-litespeed-guia-pratico\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/configurar-modsecurity-nginx-litespeed-guia-pratico\\\/\"},\"author\":{\"name\":\"HelpSysAdmin\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#\\\/schema\\\/person\\\/bdbe3d7d71a0c6a3cb474c18da574efb\"},\"headline\":\"WAF na Pr\u00e1tica: Configurando ModSecurity no LiteSpeed e Nginx sem Quebrar sua Aplica\u00e7\u00e3o\",\"datePublished\":\"2026-02-15T09:00:00+00:00\",\"dateModified\":\"2026-04-27T15:01:29+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/configurar-modsecurity-nginx-litespeed-guia-pratico\\\/\"},\"wordCount\":1039,\"publisher\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/configurar-modsecurity-nginx-litespeed-guia-pratico\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\/\\/helpsysadmin.com.br\\/blog\\/wp-content\\/uploads\\/2026\\/02\\/waf.webp\",\"keywords\":[\"firewall aplica\u00e7\u00e3o\",\"hardening\",\"LiteSpeed\",\"modsecurity\",\"nginx\",\"owasp crs\",\"prote\u00e7\u00e3o wordpress\",\"seguran\u00e7a web\",\"servidores linux\",\"waf\"],\"articleSection\":[\"Seguran\u00e7a e Hardening\"],\"inLanguage\":\"pt-BR\"},{\"@type\":[\"WebPage\",\"FAQPage\"],\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/configurar-modsecurity-nginx-litespeed-guia-pratico\\\/\",\"url\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/configurar-modsecurity-nginx-litespeed-guia-pratico\\\/\",\"name\":\"WAF na Pr\u00e1tica: Configurando ModSecurity no LiteSpeed e Nginx\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/configurar-modsecurity-nginx-litespeed-guia-pratico\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/configurar-modsecurity-nginx-litespeed-guia-pratico\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\/\\/helpsysadmin.com.br\\/blog\\/wp-content\\/uploads\\/2026\\/02\\/waf.webp\",\"datePublished\":\"2026-02-15T09:00:00+00:00\",\"dateModified\":\"2026-04-27T15:01:29+00:00\",\"description\":\"Como Configurar ModSecurity no Nginx e LiteSpeed (Sem Quebrar o Site) Alternativa: Guia ModSecurity: Configura\u00e7\u00e3o Segura para Nginx e LiteSpeed\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/configurar-modsecurity-nginx-litespeed-guia-pratico\\\/#breadcrumb\"},\"mainEntity\":[{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/configurar-modsecurity-nginx-litespeed-guia-pratico\\\/#faq-question-1770780143279\"},{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/configurar-modsecurity-nginx-litespeed-guia-pratico\\\/#faq-question-1770780177337\"},{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/configurar-modsecurity-nginx-litespeed-guia-pratico\\\/#faq-question-1770780225067\"},{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/configurar-modsecurity-nginx-litespeed-guia-pratico\\\/#faq-question-1770780250737\"}],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/configurar-modsecurity-nginx-litespeed-guia-pratico\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/configurar-modsecurity-nginx-litespeed-guia-pratico\\\/#primaryimage\",\"url\":\"https:\\/\\/helpsysadmin.com.br\\/blog\\/wp-content\\/uploads\\/2026\\/02\\/waf.webp\",\"contentUrl\":\"https:\\/\\/helpsysadmin.com.br\\/blog\\/wp-content\\/uploads\\/2026\\/02\\/waf.webp\",\"width\":1400,\"height\":633},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/configurar-modsecurity-nginx-litespeed-guia-pratico\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"WAF na Pr\u00e1tica: Configurando ModSecurity no LiteSpeed e Nginx sem Quebrar sua Aplica\u00e7\u00e3o\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/\",\"name\":\"Blog HelpSysAdmin\",\"description\":\"Webserver linux blog\",\"publisher\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#organization\"},\"alternateName\":\"HelpSysAdmin Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#organization\",\"name\":\"HelpSysAdmin Gerenciamento de Servidores\",\"alternateName\":\"HelpSysAdmin\",\"url\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\/\\/mlkpd8g42nae.i.optimole.com\\/w:512\\/h:512\\/q:mauto\\/f:best\\/https:\\/\\/helpsysadmin.com.br\\/blog\\/wp-content\\/uploads\\/2020\\/12\\/favicon.png\",\"contentUrl\":\"https:\\/\\/mlkpd8g42nae.i.optimole.com\\/w:512\\/h:512\\/q:mauto\\/f:best\\/https:\\/\\/helpsysadmin.com.br\\/blog\\/wp-content\\/uploads\\/2020\\/12\\/favicon.png\",\"width\":512,\"height\":512,\"caption\":\"HelpSysAdmin Gerenciamento de Servidores\"},\"image\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/brhelpsysad\",\"https:\\\/\\\/mastodon.social\\\/@helpsysadmin\"],\"description\":\"Oferecemos o gerenciamento de servidores dedicados, vps ou cloud. Apresentamos a melhor experi\u00eancia em atendimento e servi\u00e7o. Nosso time cuidar\u00e1 do seu servidor com backups, an\u00e1lises constantes, ajustes de seguran\u00e7a, realiza\u00e7\u00e3o de manuten\u00e7\u00e3o preventiva e corretiva, otimiza\u00e7\u00e3o de performance al\u00e9m de monitoramento 24\u00d77 com suporte Pr\u00f3 Ativo.\",\"numberOfEmployees\":{\"@type\":\"QuantitativeValue\",\"minValue\":\"1\",\"maxValue\":\"10\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#\\\/schema\\\/person\\\/bdbe3d7d71a0c6a3cb474c18da574efb\",\"name\":\"HelpSysAdmin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/efc0007e6a313a844b72de257e05c6083b07b6ecc6983a4f71e06293ff2e22fd?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/efc0007e6a313a844b72de257e05c6083b07b6ecc6983a4f71e06293ff2e22fd?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/efc0007e6a313a844b72de257e05c6083b07b6ecc6983a4f71e06293ff2e22fd?s=96&d=mm&r=g\",\"caption\":\"HelpSysAdmin\"},\"sameAs\":[\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/\"]},{\"@type\":\"Question\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/configurar-modsecurity-nginx-litespeed-guia-pratico\\\/#faq-question-1770780143279\",\"position\":1,\"url\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/configurar-modsecurity-nginx-litespeed-guia-pratico\\\/#faq-question-1770780143279\",\"name\":\"Por que o ModSecurity est\u00e1 bloqueando meu painel de administra\u00e7\u00e3o?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Geralmente, isso \u00e9 um \\\"falso positivo\\\". O ModSecurity identifica padr\u00f5es no HTML ou nos formul\u00e1rios do seu CMS (como WordPress ou Magento) que se assemelham a ataques SQL Injection ou XSS. A solu\u00e7\u00e3o \u00e9 analisar o ID da regra no log de erro e criar uma exclus\u00e3o (whitelist) espec\u00edfica para aquela URL.\",\"inLanguage\":\"pt-BR\"},\"inLanguage\":\"pt-BR\"},{\"@type\":\"Question\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/configurar-modsecurity-nginx-litespeed-guia-pratico\\\/#faq-question-1770780177337\",\"position\":2,\"url\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/configurar-modsecurity-nginx-litespeed-guia-pratico\\\/#faq-question-1770780177337\",\"name\":\"Qual a diferen\u00e7a entre ModSecurity no Nginx e no LiteSpeed?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"No Nginx, o ModSecurity funciona como um m\u00f3dulo externo (libmodsecurity3) que precisa ser compilado ou carregado, e as regras ficam no bloco server. No LiteSpeed (LSWS e OpenLiteSpeed), o motor WAF j\u00e1 \u00e9 nativo, oferecendo maior performance e compatibilidade direta com regras do Apache, gerenciado via interface WebAdmin.\",\"inLanguage\":\"pt-BR\"},\"inLanguage\":\"pt-BR\"},{\"@type\":\"Question\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/configurar-modsecurity-nginx-litespeed-guia-pratico\\\/#faq-question-1770780225067\",\"position\":3,\"url\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/configurar-modsecurity-nginx-litespeed-guia-pratico\\\/#faq-question-1770780225067\",\"name\":\"O que \u00e9 o modo \\\"DetectionOnly\\\"?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"\u00c9 o modo de \\\"apenas detec\u00e7\u00e3o\\\". Quando ativado (SecRuleEngine DetectionOnly), o WAF analisa o tr\u00e1fego e grava os ataques no log, mas <strong>n\u00e3o bloqueia<\\\/strong> o usu\u00e1rio. \u00c9 essencial usar este modo durante a primeira semana de configura\u00e7\u00e3o para ajustar as regras sem tirar o site do ar.\",\"inLanguage\":\"pt-BR\"},\"inLanguage\":\"pt-BR\"},{\"@type\":\"Question\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/configurar-modsecurity-nginx-litespeed-guia-pratico\\\/#faq-question-1770780250737\",\"position\":4,\"url\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/configurar-modsecurity-nginx-litespeed-guia-pratico\\\/#faq-question-1770780250737\",\"name\":\"O OWASP Core Rule Set (CRS) deixa o site lento?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"O impacto na performance depende do n\u00famero de regras ativadas e do \\\"Paranoia Level\\\" (PL). O PL1 (padr\u00e3o) \u00e9 otimizado para baixo impacto. No entanto, em servidores com poucos recursos, o processamento de express\u00f5es regulares (Regex) do WAF pode adicionar alguns milissegundos \u00e0 lat\u00eancia. O LiteSpeed tende a processar essas regras mais r\u00e1pido que o Nginx + ModSecurity.\",\"inLanguage\":\"pt-BR\"},\"inLanguage\":\"pt-BR\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"WAF na Pr\u00e1tica: Configurando ModSecurity no LiteSpeed e Nginx","description":"Como Configurar ModSecurity no Nginx e LiteSpeed (Sem Quebrar o Site) Alternativa: Guia ModSecurity: Configura\u00e7\u00e3o Segura para Nginx e LiteSpeed","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/helpsysadmin.com.br\/blog\/configurar-modsecurity-nginx-litespeed-guia-pratico\/","og_locale":"pt_BR","og_type":"article","og_title":"WAF na Pr\u00e1tica: Configurando ModSecurity no LiteSpeed e Nginx sem Quebrar sua Aplica\u00e7\u00e3o","og_description":"Como Configurar ModSecurity no Nginx e LiteSpeed (Sem Quebrar o Site) Alternativa: Guia ModSecurity: Configura\u00e7\u00e3o Segura para Nginx e LiteSpeed","og_url":"https:\/\/helpsysadmin.com.br\/blog\/configurar-modsecurity-nginx-litespeed-guia-pratico\/","og_site_name":"Blog HelpSysAdmin","article_published_time":"2026-02-15T09:00:00+00:00","article_modified_time":"2026-04-27T15:01:29+00:00","og_image":[{"width":1400,"height":633,"url":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/uploads\/2026\/02\/waf.webp","type":"image\/webp"}],"author":"HelpSysAdmin","twitter_card":"summary_large_image","twitter_creator":"@brhelpsysad","twitter_site":"@brhelpsysad","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/helpsysadmin.com.br\/blog\/configurar-modsecurity-nginx-litespeed-guia-pratico\/#article","isPartOf":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/configurar-modsecurity-nginx-litespeed-guia-pratico\/"},"author":{"name":"HelpSysAdmin","@id":"https:\/\/helpsysadmin.com.br\/blog\/#\/schema\/person\/bdbe3d7d71a0c6a3cb474c18da574efb"},"headline":"WAF na Pr\u00e1tica: Configurando ModSecurity no LiteSpeed e Nginx sem Quebrar sua Aplica\u00e7\u00e3o","datePublished":"2026-02-15T09:00:00+00:00","dateModified":"2026-04-27T15:01:29+00:00","mainEntityOfPage":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/configurar-modsecurity-nginx-litespeed-guia-pratico\/"},"wordCount":1039,"publisher":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/#organization"},"image":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/configurar-modsecurity-nginx-litespeed-guia-pratico\/#primaryimage"},"thumbnailUrl":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/uploads\/2026\/02\/waf.webp","keywords":["firewall aplica\u00e7\u00e3o","hardening","LiteSpeed","modsecurity","nginx","owasp crs","prote\u00e7\u00e3o wordpress","seguran\u00e7a web","servidores linux","waf"],"articleSection":["Seguran\u00e7a e Hardening"],"inLanguage":"pt-BR"},{"@type":["WebPage","FAQPage"],"@id":"https:\/\/helpsysadmin.com.br\/blog\/configurar-modsecurity-nginx-litespeed-guia-pratico\/","url":"https:\/\/helpsysadmin.com.br\/blog\/configurar-modsecurity-nginx-litespeed-guia-pratico\/","name":"WAF na Pr\u00e1tica: Configurando ModSecurity no LiteSpeed e Nginx","isPartOf":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/configurar-modsecurity-nginx-litespeed-guia-pratico\/#primaryimage"},"image":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/configurar-modsecurity-nginx-litespeed-guia-pratico\/#primaryimage"},"thumbnailUrl":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/uploads\/2026\/02\/waf.webp","datePublished":"2026-02-15T09:00:00+00:00","dateModified":"2026-04-27T15:01:29+00:00","description":"Como Configurar ModSecurity no Nginx e LiteSpeed (Sem Quebrar o Site) Alternativa: Guia ModSecurity: Configura\u00e7\u00e3o Segura para Nginx e LiteSpeed","breadcrumb":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/configurar-modsecurity-nginx-litespeed-guia-pratico\/#breadcrumb"},"mainEntity":[{"@id":"https:\/\/helpsysadmin.com.br\/blog\/configurar-modsecurity-nginx-litespeed-guia-pratico\/#faq-question-1770780143279"},{"@id":"https:\/\/helpsysadmin.com.br\/blog\/configurar-modsecurity-nginx-litespeed-guia-pratico\/#faq-question-1770780177337"},{"@id":"https:\/\/helpsysadmin.com.br\/blog\/configurar-modsecurity-nginx-litespeed-guia-pratico\/#faq-question-1770780225067"},{"@id":"https:\/\/helpsysadmin.com.br\/blog\/configurar-modsecurity-nginx-litespeed-guia-pratico\/#faq-question-1770780250737"}],"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/helpsysadmin.com.br\/blog\/configurar-modsecurity-nginx-litespeed-guia-pratico\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/helpsysadmin.com.br\/blog\/configurar-modsecurity-nginx-litespeed-guia-pratico\/#primaryimage","url":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/uploads\/2026\/02\/waf.webp","contentUrl":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/uploads\/2026\/02\/waf.webp","width":1400,"height":633},{"@type":"BreadcrumbList","@id":"https:\/\/helpsysadmin.com.br\/blog\/configurar-modsecurity-nginx-litespeed-guia-pratico\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/helpsysadmin.com.br\/blog\/"},{"@type":"ListItem","position":2,"name":"WAF na Pr\u00e1tica: Configurando ModSecurity no LiteSpeed e Nginx sem Quebrar sua Aplica\u00e7\u00e3o"}]},{"@type":"WebSite","@id":"https:\/\/helpsysadmin.com.br\/blog\/#website","url":"https:\/\/helpsysadmin.com.br\/blog\/","name":"Blog HelpSysAdmin","description":"Webserver linux blog","publisher":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/#organization"},"alternateName":"HelpSysAdmin Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/helpsysadmin.com.br\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/helpsysadmin.com.br\/blog\/#organization","name":"HelpSysAdmin Gerenciamento de Servidores","alternateName":"HelpSysAdmin","url":"https:\/\/helpsysadmin.com.br\/blog\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/helpsysadmin.com.br\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:512\/h:512\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/uploads\/2020\/12\/favicon.png","contentUrl":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:512\/h:512\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/uploads\/2020\/12\/favicon.png","width":512,"height":512,"caption":"HelpSysAdmin Gerenciamento de Servidores"},"image":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/brhelpsysad","https:\/\/mastodon.social\/@helpsysadmin"],"description":"Oferecemos o gerenciamento de servidores dedicados, vps ou cloud. Apresentamos a melhor experi\u00eancia em atendimento e servi\u00e7o. Nosso time cuidar\u00e1 do seu servidor com backups, an\u00e1lises constantes, ajustes de seguran\u00e7a, realiza\u00e7\u00e3o de manuten\u00e7\u00e3o preventiva e corretiva, otimiza\u00e7\u00e3o de performance al\u00e9m de monitoramento 24\u00d77 com suporte Pr\u00f3 Ativo.","numberOfEmployees":{"@type":"QuantitativeValue","minValue":"1","maxValue":"10"}},{"@type":"Person","@id":"https:\/\/helpsysadmin.com.br\/blog\/#\/schema\/person\/bdbe3d7d71a0c6a3cb474c18da574efb","name":"HelpSysAdmin","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/efc0007e6a313a844b72de257e05c6083b07b6ecc6983a4f71e06293ff2e22fd?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/efc0007e6a313a844b72de257e05c6083b07b6ecc6983a4f71e06293ff2e22fd?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/efc0007e6a313a844b72de257e05c6083b07b6ecc6983a4f71e06293ff2e22fd?s=96&d=mm&r=g","caption":"HelpSysAdmin"},"sameAs":["https:\/\/helpsysadmin.com.br\/blog\/"]},{"@type":"Question","@id":"https:\/\/helpsysadmin.com.br\/blog\/configurar-modsecurity-nginx-litespeed-guia-pratico\/#faq-question-1770780143279","position":1,"url":"https:\/\/helpsysadmin.com.br\/blog\/configurar-modsecurity-nginx-litespeed-guia-pratico\/#faq-question-1770780143279","name":"Por que o ModSecurity est\u00e1 bloqueando meu painel de administra\u00e7\u00e3o?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Geralmente, isso \u00e9 um \"falso positivo\". O ModSecurity identifica padr\u00f5es no HTML ou nos formul\u00e1rios do seu CMS (como WordPress ou Magento) que se assemelham a ataques SQL Injection ou XSS. A solu\u00e7\u00e3o \u00e9 analisar o ID da regra no log de erro e criar uma exclus\u00e3o (whitelist) espec\u00edfica para aquela URL.","inLanguage":"pt-BR"},"inLanguage":"pt-BR"},{"@type":"Question","@id":"https:\/\/helpsysadmin.com.br\/blog\/configurar-modsecurity-nginx-litespeed-guia-pratico\/#faq-question-1770780177337","position":2,"url":"https:\/\/helpsysadmin.com.br\/blog\/configurar-modsecurity-nginx-litespeed-guia-pratico\/#faq-question-1770780177337","name":"Qual a diferen\u00e7a entre ModSecurity no Nginx e no LiteSpeed?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"No Nginx, o ModSecurity funciona como um m\u00f3dulo externo (libmodsecurity3) que precisa ser compilado ou carregado, e as regras ficam no bloco server. No LiteSpeed (LSWS e OpenLiteSpeed), o motor WAF j\u00e1 \u00e9 nativo, oferecendo maior performance e compatibilidade direta com regras do Apache, gerenciado via interface WebAdmin.","inLanguage":"pt-BR"},"inLanguage":"pt-BR"},{"@type":"Question","@id":"https:\/\/helpsysadmin.com.br\/blog\/configurar-modsecurity-nginx-litespeed-guia-pratico\/#faq-question-1770780225067","position":3,"url":"https:\/\/helpsysadmin.com.br\/blog\/configurar-modsecurity-nginx-litespeed-guia-pratico\/#faq-question-1770780225067","name":"O que \u00e9 o modo \"DetectionOnly\"?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"\u00c9 o modo de \"apenas detec\u00e7\u00e3o\". Quando ativado (SecRuleEngine DetectionOnly), o WAF analisa o tr\u00e1fego e grava os ataques no log, mas <strong>n\u00e3o bloqueia<\/strong> o usu\u00e1rio. \u00c9 essencial usar este modo durante a primeira semana de configura\u00e7\u00e3o para ajustar as regras sem tirar o site do ar.","inLanguage":"pt-BR"},"inLanguage":"pt-BR"},{"@type":"Question","@id":"https:\/\/helpsysadmin.com.br\/blog\/configurar-modsecurity-nginx-litespeed-guia-pratico\/#faq-question-1770780250737","position":4,"url":"https:\/\/helpsysadmin.com.br\/blog\/configurar-modsecurity-nginx-litespeed-guia-pratico\/#faq-question-1770780250737","name":"O OWASP Core Rule Set (CRS) deixa o site lento?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"O impacto na performance depende do n\u00famero de regras ativadas e do \"Paranoia Level\" (PL). O PL1 (padr\u00e3o) \u00e9 otimizado para baixo impacto. No entanto, em servidores com poucos recursos, o processamento de express\u00f5es regulares (Regex) do WAF pode adicionar alguns milissegundos \u00e0 lat\u00eancia. O LiteSpeed tende a processar essas regras mais r\u00e1pido que o Nginx + ModSecurity.","inLanguage":"pt-BR"},"inLanguage":"pt-BR"}]}},"lang":"pt","translations":{"pt":3333},"pll_sync_post":{},"_links":{"self":[{"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/posts\/3333","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/comments?post=3333"}],"version-history":[{"count":7,"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/posts\/3333\/revisions"}],"predecessor-version":[{"id":6590,"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/posts\/3333\/revisions\/6590"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/media\/3334"}],"wp:attachment":[{"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/media?parent=3333"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/categories?post=3333"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/tags?post=3333"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}