Free mod_security rules!

Click here to get Free Modsecurity rules

The web hosting industry is an important industry for Comodo.
Protecting web sites is an important function as attacks against websites increase: not only are the businesses running these websites under attack, but visitors who use these websites are also vulnerable due to compromised web servers and web sites.

Mod_sec is a decent platform but without signatures/rules it's not much use (ModSecurity™ is a web application firewall engine that provides very little protection on its own. In order to become useful, ModSecurity™ must be configured with rules).

There were some free mod_sec rules in the past that did a good job, albeit delayed it was decent, but it no longer is available. (Please note that Atomicorp no longer provides a free delayed version of its ModSecurity Rule set.)

Comodo is a company that sees the threat on a daily basis on both sides of the fight, consumer side and business side. We see it on the consumer side because we protect tens of millions of users using our Antivirus products. We see it on the business side because we monitor and protect businesses and their websites with products like www.hackerguardian.com and www.webinspector.com.

So, this puts Comodo in the position of most capable company who can produce the mod_sec rules and do so very effectively. And here we are, we decided to build the infrastructure and provide mod_sec rules for FREE! (there might be different variation in future but we will always provide some free version so that you can be secure).

Here is our promise to you: We will work with you to protect your web sites and web servers! Talk to us about problems/attacks you are facing and let us provide you mod_sec rules for free to protect yourself.

You can go ahead and get your mod_sec rules for free at http://modsecurity.comodo.com/

Free Mod_security Rules blog

cheers

Melih


BTW…

We are more than happy to focus on specific attack vectors, and create custom virtual patches for these vulnerabilities.

So talk to us about these and we’ll be more than happy to create these…(for free)…

Melih

Once I install it, will it protect all my websites hosted under the same server, or do I have to create rules for each website?

It will work for all sites on server by default, but you can limit it to specific sites if you want.

In case this is for cPanel, there’s a great tool called ConfigServer ModSecurity Control (cmc) which allows you to control the domains you wish to protect (or not) with mod_security as well as see the mod_security logfile with detailed information about each entry. Additionally you can edit the mod_security conf files from there.

Check it out here: ConfigServer Modsecurity Control (cmc) – ConfigServer Services

Thank you both for your reply. I will give it a try. :-TU

This is really great that comodo is providing a free set of modsecurity rules. Just wondering, how often are the rules updated? and how strict are they (will they cause a lot of false alarms with common scripts like WP, Joomla, etc)?

Thanks!

We have over 70M users with our Free antivirus products and FP is an important thing to watch for them too. Our AV labs are well trained to “hate FPs” :).
Of course nothing is 100% and the key is, our AV labs guys are present here in this forum 24/7. If you get any FP, you can report via the application or come here and tell us, we’ll see to it immediately and release patch.
How fast are the updates? As fast as a new vulnerability is found. We are constantly watching any new vulnerability, the second we find out, is the second we start writing the rules.

Our job is to protect you and your business.

Melih

We will have the new version of cpanel plugin available early next week! HURRAY :)

Great! 0.32 btw are pretty smooth so far. 8)

Thanks Julien, good to hear.

I think the rules are pretty smooth now (thanks to you guys!).

New cpanel plugin will be released early next week and we hope it will be working nicely too…

then the work is about creating the fastest modsec rules…offer highest security with the least cpu cycles!

cheers

Melih

The latest version is now released.

Cpanel plugin supports the latest cpanel version and all seems to be working nicely (fingers crossed).

you can now install free modsecurity rules using our Comodo cpanel plugin at waf.comodo.com

please let us know if we can help in any way.

1.0 cPanel Plugin working good so far. Nice!

hurray :) thanks for the confirmation Julien!

I want to give this a try, but I have 3 concise questions:

  1. If I am running another panel other than cPanel, can I still use the Agent? If “yes”, how can I access the WAF panel to manage and update the rules?
  2. How can I apply the rules to only a few specific websites (virtual hosts), instead of ALL the websites?
  3. Is there a tool or online service that can be used to do an “attack” and see Comodo WAF in action?

Thank you very much. I am very interested in this product.

Yes, you may install standalone scripts:

`Cpanel installation hasn’t been found.
You may install standalone scripts.

Continue installation [y/n]:`

In that case you will be able to access:

See more here:

If you don’t use cPanel with CWAF plugin, you need to edit Apache configuration files.

See example of solution here: apache 2.2 - Enable Mod_Security for only one website - Server Fault

Basically, you may use a web browser to send some hackers requests, trying SQL injection or XSS. Or try to use some kind of vulnerability scanner, like Comodo Hacker Guardian: http://www.hackerguardian.com/
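For the second question above (rules for only some virtual hosts when cPanel and its plugin are not used), one way to lay out the Apache configuration. This is an added example, not taken from Comodo's documentation or from the linked Server Fault answer; the host names, document roots and the rule ID are constructed placeholders, and it assumes ModSecurity 2.x loaded as `security2_module` with the rule set already included server-wide.

```apache
# Server-wide default (same scope as the Include lines that load the rule set).
# The rules are parsed and available everywhere, but the engine is off unless
# a virtual host turns it on.
<IfModule security2_module>
    SecRuleEngine Off
</IfModule>

# Protected site: the vhost-level setting overrides the server-wide default.
<VirtualHost *:80>
    ServerName shop.example.com
    DocumentRoot /var/www/shop
    <IfModule security2_module>
        SecRuleEngine On
    </IfModule>
</VirtualHost>

# Site being evaluated for false positives: rules are matched and logged to
# the audit log, but no request is blocked.
<VirtualHost *:80>
    ServerName blog.example.com
    DocumentRoot /var/www/blog
    <IfModule security2_module>
        SecRuleEngine DetectionOnly
        # Placeholder ID: disable one rule that misfires for this site only,
        # instead of switching the whole engine off.
        SecRuleRemoveById 999999
    </IfModule>
</VirtualHost>

# Unlisted virtual hosts inherit the server-wide "Off".
<VirtualHost *:80>
    ServerName static.example.com
    DocumentRoot /var/www/static
</VirtualHost>
```

Run `apachectl configtest` before reloading. To make protection the default instead, set the server-wide value to `On` and put `SecRuleEngine Off` only in the virtual hosts to be exempted.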

```
Found CPanel installation.
Continue installation [y/n]: y
Path to perl packages
PERL - /usr/local/cpanel/3rdparty/bin/perl
CPAN - /usr/local/cpanel/3rdparty/perl/514/bin/cpan

Check perl dependencies… [OK]
Check Apache HTTP installation… [OK] (2.2)
Check Mod_Security installation… [OK]
Decompress Comodo WAF package…/usr/bin/tail: cannot open `…//root/cwaf_client_install.sh’ for reading: No such file or directory

gzip: stdin: unexpected end of file
/bin/tar: Child returned status 1
/bin/tar: Error is not recoverable: exiting now
[OK]

Enter CWAF connection data

Enter CWAF user: xxxxxxxxxxxxx
Enter CWAF password: xxxxxxxxxxxxx
Prepare Comodo WAF configuration…
Comodo WAF Perl modules package not found.
Installation aborted
```

I encountered the same issue. Would it help to change the script

```
if [ ! -r Comodo-CWAF.tar.gz ]; then
    echo -e "\nComodo WAF Perl modules package not found."
    do_exit 1
fi

$TAR_BIN -zxf Comodo-CWAF.tar.gz
```

and rename all instances of the package name to cwaf_rules-0.3x.tgz?

Hello

Seems you started installation script from another directory.

Please try to change directory before starting script, e.g.

```
cd /root
bash cwaf_client_install.sh
```

Documentation and installation instructions will be expanded in the near future.

very interesting! As I will learn to webprogram this might be very very useful as well as helpful tool. Great done!