Comodo as a ModSecurity Vendor in cPanel

[vadim]

Comodo can now be easily installed as ModSecurity Vendor to cPanel for Apache and LiteSpeed platforms.

If your server is running  cPanel 11.48 and higher you may install Comodo as ModSecurity Vendor using the next steps:

• Go to Security Center -> ModSecurity Vendors.

• Click Add Vendor.

• Input one of URLs depending on your web-server:
  
  • Comodo ModSecurity Apache Rule Set: https://waf.comodo.com/doc/meta_comodo_apache.yaml
  • Comodo ModSecurity LiteSpeed Rule Set: https://waf.comodo.com/doc/meta_comodo_litespeed.yaml

• Click Load and then Save.

See also cPanel ModSecurity Vendors Requirements

Warnings:

• cPanel ModSecurity Vendors are not compatible with CWAF plugin. So, you can't use both in parallel for management your protection rules.
• Don't activate both Comodo Rule Sets for Apache and LiteSpeed simultaneously to avoid conflicts.

Release Notes:

• In the current version you can't report problems with Comodo rules through cPanel ModSecurity Tools.
• We don't recommend to enable two ModSecurity Vendors simultaneously to avoid possibly logical conflicts and performance issues.

Please send us your feedback to improve this feature.

[attachment deleted by admin]

[Hedloff]

So you recommend removing Comodo WAF plugin in WHM if we enable it as a vendor and use your rules trough cPanel?
Does this release make it possible for users with Mod Security icon in cPanel be able to turn off/on mod_security on their account?

[vadim]

So you recommend removing Comodo WAF plugin in WHM if we enable it as a vendor and use your rules trough cPanel?

No, because CWAF plugin is much more functional. It's just another way for using Comodo protection rules embedded into cPanel since version 1.48.

Does this release make it possible for users with Mod Security icon in cPanel be able to turn off/on mod_security on their account?

Yes, cPanel ModSecurity implementation allow users to turn on/off mod_security for their selected domains. So if Comodo rules enabled as vendor, user can turn rules off.

[Hedloff]

No, because CWAF plugin is much more functional. It's just another way for using Comodo protection rules embedded into cPanel since version 1.48.

Yes, cPanel ModSecurity implementation allow users to turn on/off mod_security for their selected domains. So if Comodo rules enabled as vendor, user can turn rules off.

- How much more functional are the plugin? What can you do that you cannot do in WHM vendor?
- Ok, great news! Will you be able to provide that feature with you plugin?

[Melih]

great work guys!

[oleg.tsygany]

Hi Hedloff

- How much more functional are the plugin? What can you do that you cannot do in WHM vendor?

In CWAF Plugin you can control more mod_security options:

• User Friendly Excludes Management: to enable/disable rules per-domain or globally
• Protection Wizard: to turn off  needless protection rules and achieve performance boost
• Mod Security Configuration: to change mod_security parameters, disable/enable mod_security for certain domains
• Custom User Rules: to add custom security rules
• Console Utility: to manage protection rules from operating system shell

- Ok, great news! Will you be able to provide that feature with you plugin?

We don't have enough customer requests about adding this feature.
In addition this feature can be source of security breach ( for example see this post: https://forums.comodo.com/free-modsecurity-rules-comodo-web-application-firewall/very-serious-vulnerability-thas-was-not-stoped-t109956.0.html )

[plusplus]

Should we remove the plugin, disable it or what? if we wish install it this way through cpanel? Any procedure?

Thanx!

[oleg.tsygany]

Hi

Uninstall of plugin will restore your ModSecurity config (Use cd /var/cpanel/cwaf/scripts/ && ./uninstall_cwaf.sh).
This will restore Vendors functionality.

[pointaction]

Thank you Comodo Team

It would be nice to integrate the additional Mod Security features in Comodo without have false positives.

Home »Security Center »Configure Global Directives

I have my own Project Honey Pot Http:BL API Key

See attached screenshot



[attachment deleted by admin]

[bgarrant]

So is it required to have the WAF Cpanel plugin installed in order to use the ModSecurity Vendor setup or does it just add a few nice extra features?  I installed the Vendor and all works great.  Just wondering if I need WAF as well since I use COnfigServer Firewall on this machine.  Also, will updates happen automatically I assume for the Vendor rules?

[bgarrant]

We manage whitelisting using ConfigServer ModSecurity Control.  Do we need the WAF cpanel plugin if we use that with the Vendor Rule setup?

[oleg.tsygany]

Hi

So is it required to have the WAF Cpanel plugin installed in order to use the ModSecurity Vendor setup or does it just add a few nice extra features?  I installed the Vendor and all works great.  Just wondering if I need WAF as well since I use COnfigServer Firewall on this machine.  Also, will updates happen automatically I assume for the Vendor rules?

You don't need CWAF plugin to use the ModSecurity Vendor. Moreover it's impossible to use Comodo rules as ModSecurity Vendor with CWAF plugin installed because it overwrites mod_security config.
We need to choose either Vendor or Plugin. So I guess ModSecurity Vendor plus ConfigServer Firewall will be enough 
Vendor rules updated automatically once a day by cPanel.

We manage whitelisting using ConfigServer ModSecurity Control.  Do we need the WAF cpanel plugin if we use that with the Vendor Rule setup?

No, plugin is not required.

[pointaction]

I am using Comodo Mod Security Vendor in cPanel on one server.

So far there is nothing listed in the hit list Home »Security Center »Hits List in WHM for 2 days now.

So either my server security it so good that Mod Security is not needed or Comodo Mod Security Vendor in cPanel is not working.

There is no plug is no plugin installed.

[akabakov]

Please, check:

# less /usr/local/apache/conf/modsec2.cpanel.conf

Are there cwaf_0x.conf files? Is SecRuleEngine "On" ?

[pointaction]

I got it working now.

But now I get this error when I click on rule that shows up here Home »Security Center »Hits List below

Error: API failure: The vendor “comodo” is not set up.

How do I fix this?