Author Topic: Comodo as a ModSecurity Vendor in cPanel  (Read 21111 times)

Offline vadim

  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 338
Comodo as a ModSecurity Vendor in cPanel
« on: March 10, 2015, 05:29:34 AM »
Comodo can now be easily installed as ModSecurity Vendor to cPanel for Apache and LiteSpeed platforms.

If your server is running  cPanel 11.48 and higher you may install Comodo as ModSecurity Vendor using the next steps:

  • Go to Security Center -> ModSecurity Vendors.

  • Click Add Vendor.


  • Click Load and then Save.



See also cPanel ModSecurity Vendors Requirements

Warnings:
  • cPanel ModSecurity Vendors are not compatible with CWAF plugin. So, you can't use both in parallel for management your protection rules.
  • Don't activate both Comodo Rule Sets for Apache and LiteSpeed simultaneously to avoid conflicts.


Release Notes:
  • In the current version you can't report problems with Comodo rules through cPanel ModSecurity Tools.
  • We don't recommend to enable two ModSecurity Vendors simultaneously to avoid possibly logical conflicts and performance issues.

Please send us your feedback to improve this feature.

[attachment deleted by admin]
« Last Edit: March 19, 2015, 04:37:31 AM by vadim »
--
Vadim Lvovskiy
Development Manager
COMODO Group Inc.

Offline Hedloff

  • Comodo Loves me
  • ****
  • Posts: 152
Re: Comodo as a ModSecurity Vendor in cPanel
« Reply #1 on: March 10, 2015, 05:45:06 AM »
So you recommend removing Comodo WAF plugin in WHM if we enable it as a vendor and use your rules trough cPanel?
Does this release make it possible for users with Mod Security icon in cPanel be able to turn off/on mod_security on their account?

Offline vadim

  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 338
Re: Comodo as a ModSecurity Vendor in cPanel
« Reply #2 on: March 10, 2015, 06:03:25 AM »
So you recommend removing Comodo WAF plugin in WHM if we enable it as a vendor and use your rules trough cPanel?

No, because CWAF plugin is much more functional. It's just another way for using Comodo protection rules embedded into cPanel since version 1.48.

Does this release make it possible for users with Mod Security icon in cPanel be able to turn off/on mod_security on their account?

Yes, cPanel ModSecurity implementation allow users to turn on/off mod_security for their selected domains. So if Comodo rules enabled as vendor, user can turn rules off.

--
Vadim Lvovskiy
Development Manager
COMODO Group Inc.

Offline Hedloff

  • Comodo Loves me
  • ****
  • Posts: 152
Re: Comodo as a ModSecurity Vendor in cPanel
« Reply #3 on: March 10, 2015, 06:18:38 AM »
No, because CWAF plugin is much more functional. It's just another way for using Comodo protection rules embedded into cPanel since version 1.48.

Yes, cPanel ModSecurity implementation allow users to turn on/off mod_security for their selected domains. So if Comodo rules enabled as vendor, user can turn rules off.

- How much more functional are the plugin? What can you do that you cannot do in WHM vendor?
- Ok, great news! Will you be able to provide that feature with you plugin?

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14623
    • Video Blog
Re: Comodo as a ModSecurity Vendor in cPanel
« Reply #4 on: March 10, 2015, 06:21:20 AM »
great work guys!

Offline oleg.tsygany

  • Comodo's Hero
  • *****
  • Posts: 275
Re: Comodo as a ModSecurity Vendor in cPanel
« Reply #5 on: March 10, 2015, 07:21:58 AM »
Hi Hedloff

- How much more functional are the plugin? What can you do that you cannot do in WHM vendor?

In CWAF Plugin you can control more mod_security options:
  • User Friendly Excludes Management: to enable/disable rules per-domain or globally
  • Protection Wizard: to turn off  needless protection rules and achieve performance boost
  • Mod Security Configuration: to change mod_security parameters, disable/enable mod_security for certain domains
  • Custom User Rules: to add custom security rules
  • Console Utility: to manage protection rules from operating system shell

- Ok, great news! Will you be able to provide that feature with you plugin?

We don't have enough customer requests about adding this feature.
In addition this feature can be source of security breach ( for example see this post: https://forums.comodo.com/free-modsecurity-rules-comodo-web-application-firewall/very-serious-vulnerability-thas-was-not-stoped-t109956.0.html )

Offline plusplus

  • Newbie
  • *
  • Posts: 7
Re: Comodo as a ModSecurity Vendor in cPanel
« Reply #6 on: March 10, 2015, 09:03:41 AM »
Should we remove the plugin, disable it or what? if we wish install it this way through cpanel? Any procedure?

Thanx!

Offline oleg.tsygany

  • Comodo's Hero
  • *****
  • Posts: 275
Re: Comodo as a ModSecurity Vendor in cPanel
« Reply #7 on: March 10, 2015, 09:42:26 AM »
Hi

Uninstall of plugin will restore your ModSecurity config (Use cd /var/cpanel/cwaf/scripts/ && ./uninstall_cwaf.sh).
This will restore Vendors functionality.

Offline pointaction

  • Newbie
  • *
  • Posts: 9
  • Programmers do not bite they just nibble a bit
Re: Comodo as a ModSecurity Vendor in cPanel
« Reply #8 on: March 10, 2015, 10:10:08 AM »
Thank you Comodo Team

It would be nice to integrate the additional Mod Security features in Comodo without have false positives.

Home »Security Center »Configure Global Directives

I have my own Project Honey Pot Http:BL API Key

See attached screenshot



[attachment deleted by admin]
Thank you,

VLee

Offline bgarrant

  • Newbie
  • *
  • Posts: 6
Re: Comodo as a ModSecurity Vendor in cPanel
« Reply #9 on: March 11, 2015, 06:24:16 AM »
So is it required to have the WAF Cpanel plugin installed in order to use the ModSecurity Vendor setup or does it just add a few nice extra features?  I installed the Vendor and all works great.  Just wondering if I need WAF as well since I use COnfigServer Firewall on this machine.  Also, will updates happen automatically I assume for the Vendor rules?
« Last Edit: March 11, 2015, 06:29:55 AM by bgarrant »

Offline bgarrant

  • Newbie
  • *
  • Posts: 6
Re: Comodo as a ModSecurity Vendor in cPanel
« Reply #10 on: March 11, 2015, 06:28:40 AM »
We manage whitelisting using ConfigServer ModSecurity Control.  Do we need the WAF cpanel plugin if we use that with the Vendor Rule setup?

Offline oleg.tsygany

  • Comodo's Hero
  • *****
  • Posts: 275
Re: Comodo as a ModSecurity Vendor in cPanel
« Reply #11 on: March 11, 2015, 07:43:31 AM »
Hi

So is it required to have the WAF Cpanel plugin installed in order to use the ModSecurity Vendor setup or does it just add a few nice extra features?  I installed the Vendor and all works great.  Just wondering if I need WAF as well since I use COnfigServer Firewall on this machine.  Also, will updates happen automatically I assume for the Vendor rules?

You don't need CWAF plugin to use the ModSecurity Vendor. Moreover it's impossible to use Comodo rules as ModSecurity Vendor with CWAF plugin installed because it overwrites mod_security config.
We need to choose either Vendor or Plugin. So I guess ModSecurity Vendor plus ConfigServer Firewall will be enough  :)
Vendor rules updated automatically once a day by cPanel.

We manage whitelisting using ConfigServer ModSecurity Control.  Do we need the WAF cpanel plugin if we use that with the Vendor Rule setup?

No, plugin is not required.
« Last Edit: March 11, 2015, 07:48:11 AM by oleg.tsygany »

Offline pointaction

  • Newbie
  • *
  • Posts: 9
  • Programmers do not bite they just nibble a bit
Re: Comodo as a ModSecurity Vendor in cPanel
« Reply #12 on: March 11, 2015, 09:29:29 AM »
I am using Comodo Mod Security Vendor in cPanel on one server.

So far there is nothing listed in the hit list Home »Security Center »Hits List in WHM for 2 days now.

So either my server security it so good that Mod Security is not needed or Comodo Mod Security Vendor in cPanel is not working.

There is no plug is no plugin installed.


Thank you,

VLee

Offline akabakov

  • Comodo's Hero
  • *****
  • Posts: 375
Re: Comodo as a ModSecurity Vendor in cPanel
« Reply #13 on: March 11, 2015, 10:00:55 AM »
Please, check:

# less /usr/local/apache/conf/modsec2.cpanel.conf

Are there cwaf_0x.conf files? Is SecRuleEngine "On" ?

Offline pointaction

  • Newbie
  • *
  • Posts: 9
  • Programmers do not bite they just nibble a bit
Re: Comodo as a ModSecurity Vendor in cPanel
« Reply #14 on: March 11, 2015, 10:06:22 AM »
I got it working now.

But now I get this error when I click on rule that shows up here Home »Security Center »Hits List below

Error: API failure: The vendor “comodo” is not set up.

How do I fix this?


Thank you,

VLee

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek