Author Topic: bruteforce rule no longer works after update to 1.162  (Read 345 times)

Offline garconcn

  • Newbie
  • *
  • Posts: 16
bruteforce rule no longer works after update to 1.162
« on: April 28, 2018, 02:24:48 PM »
I am using comodo rule set for cpanel modsecurity, after update the rule to the latest version yesterday, I found the bruteforce rule does not work for all servers.

The old rule file was at
-rw-r--r-- 1 root root 5.9K Mar 13 16:36 /etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_Bruteforce_Bruteforce.conf

The file was changed to new name with empty rules inside:
-rw-r--r-- 1 root root 642 Apr 26 16:32 /etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/08_Bruteforce_Bruteforce.conf

Code: [Select]
# ---------------------------------------------------------------
# Comodo ModSecurity Rules
# Copyright (C) 2018 Comodo Security solutions All rights reserved.
#
# The COMODO SECURITY SOLUTIONS Mod Security Rule Set is distributed under
# THE COMODO SECURITY SOLUTIONS END USER LICENSE AGREEMENT,
# Please see the enclosed LICENCE file for full details.
# ---------------------------------------------------------------
# This is a FILE CONTAINING CHANGED or MODIFIED RULES FROM THE:
# OWASP ModSecurity Core Rule Set (CRS)
# ---------------------------------------------------------------

SecMarker GENERIC_POST_BRUTEFORCE_END

Offline garconcn

  • Newbie
  • *
  • Posts: 16
Re: bruteforce rule no longer works after update to 1.162
« Reply #1 on: April 28, 2018, 02:27:17 PM »
Another thing about this update: it re-enabled all the categories that I've disabled previously and reset the userdata file like "userdata_bl_agents". I've reported this issue to both cpanel and comodo last year, I've been told this will be fixed but it's not.

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 195
Re: bruteforce rule no longer works after update to 1.162
« Reply #2 on: April 30, 2018, 04:55:48 AM »
Hello garconcn. You have downloaded ruleset for modsecurity3 for nginx. This is known issue. For now the solution is to download ruleset for apache manually.
Sorry for the inconvenience.

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 195
Re: bruteforce rule no longer works after update to 1.162
« Reply #3 on: April 30, 2018, 09:06:31 AM »
If it possible please share content of /etc/cwaf/main.conf file. Thanks.


 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek