Author Topic: Comodo as a ModSecurity Vendor in cPanel  (Read 47086 times)

Offline akabakov

  • Comodo's Hero
  • *****
  • Posts: 375
Re: Comodo as a ModSecurity Vendor in cPanel
« Reply #45 on: January 04, 2016, 04:29:28 AM »
I don't know what changed, nor why it can't create subdirectories. All used to work yesterday. Any ideas how to fix?
/usr/local/apache/logs/
When I reproduced this issue I found that permission on /usr/local/apache/logs/nobody should be changed from root to apache user (usually user "nobody").

Offline Hedloff

  • Comodo Loves me
  • ****
  • Posts: 156
Re: Comodo as a ModSecurity Vendor in cPanel
« Reply #46 on: January 04, 2016, 04:56:09 AM »
We're using your plugin and I had the same issue on one server that I just checked. I will check more now.
But it seems to be working if I create the nobody folder and give nobody permissions, but that will fill up that folder quickly.

So what I did was Audit Log Type from concurrent to serial and then mod_security started working again and I can see them in WHM.

So my big question is, what and who did change this? Comodo or cPanel?

Offline akabakov

  • Comodo's Hero
  • *****
  • Posts: 375
Re: Comodo as a ModSecurity Vendor in cPanel
« Reply #47 on: January 04, 2016, 08:45:08 AM »
We're using your plugin and I had the same issue on one server that I just checked. I will check more now.
But it seems to be working if I create the nobody folder and give nobody permissions, but that will fill up that folder quickly.

So what I did was Audit Log Type from concurrent to serial and then mod_security started working again and I can see them in WHM.

So my big question is, what and who did change this? Comodo or cPanel?

I suppose that is a cPanel issue. What you see in WHM depends on how cPanel processes ModSecurity Logs.

Offline grantdb

  • Comodo Family Member
  • ***
  • Posts: 54
Re: Comodo as a ModSecurity Vendor in cPanel
« Reply #48 on: January 13, 2016, 08:19:32 PM »
I use Comodo ssl and now the vendor for ModSecurity thank you!

I am wondering if I still need to use cPHulk brute force protection at the same time as the Comodo vender enabled for ModSecurity?

Offline oleg.tsygany

  • Comodo's Hero
  • *****
  • Posts: 279
Re: Comodo as a ModSecurity Vendor in cPanel
« Reply #49 on: January 14, 2016, 02:17:01 AM »
Hi

I'd rather recommend to use cPHulk protection because modsecurity have persistent storage issues.
(For reference see here: https://github.com/SpiderLabs/ModSecurity/issues/574)

Regards, Oleg

Offline grantdb

  • Comodo Family Member
  • ***
  • Posts: 54
Re: Comodo as a ModSecurity Vendor in cPanel
« Reply #50 on: January 14, 2016, 03:32:45 AM »
ok I disabled these:

05_Global_Incoming.conf
09_Bruteforce_Bruteforce.conf
11_HTTP_HTTPDoS.conf
14_Outgoing_FilterGen.conf
15_Outgoing_FilterASP.conf
16_Outgoing_FilterPHP.conf
17_Outgoing_FilterIIS.conf
18_Outgoing_FilterSQL.conf
19_Outgoing_FilterOther.conf
20_Outgoing_FilterInFrame.conf
21_Outgoing_FiltersEnd.conf

Enabled cPHulk, so should be good now?

Offline oleg.tsygany

  • Comodo's Hero
  • *****
  • Posts: 279
Re: Comodo as a ModSecurity Vendor in cPanel
« Reply #51 on: January 14, 2016, 04:49:04 AM »
Yes, should be OK

Regards, Oleg

Offline grantdb

  • Comodo Family Member
  • ***
  • Posts: 54
Re: Comodo as a ModSecurity Vendor in cPanel
« Reply #52 on: January 14, 2016, 01:27:17 PM »
Thank you Oleg

Offline sasa4uk

  • Newbie
  • *
  • Posts: 1
Re: Comodo as a ModSecurity Vendor in cPanel
« Reply #53 on: January 21, 2016, 07:27:55 AM »
Hey [at]grantdb and [at]Oleg,
Sorry, but what cPhulk has to do with Modsecurity ?  They protect different applications, or am I missing something ?

Offline oleg.tsygany

  • Comodo's Hero
  • *****
  • Posts: 279
Re: Comodo as a ModSecurity Vendor in cPanel
« Reply #54 on: January 21, 2016, 10:05:02 AM »
cPhulk is brute force protection for cPanel web server or services.
Modsecurity have brute force protection for cPanel web server but it works not good due persistent storage issue.
So I'd not recommend to use Modsecurity for this purpose.

cPhulk can be used to protect cPanel host, other software (for example ConfigServer Security & Firewall http://configserver.com/cp/csf.html ) to protect your web applications.

Regards, Oleg

Offline H0sseiN

  • Newbie
  • *
  • Posts: 8
Re: Comodo as a ModSecurity Vendor in cPanel
« Reply #55 on: April 22, 2016, 12:08:55 PM »
Hi,
I have a server with running litespeed webserver but using Apache configuration file now which rule set should I install Apache or litespeed?

Offline vadim

  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 339
Re: Comodo as a ModSecurity Vendor in cPanel
« Reply #56 on: August 16, 2017, 02:25:26 AM »
New rule set for ModSecurity v.2.9.2 has been added for Comodo ModSecurity Vendor in cPanel:


2.9.2:
  MD5: fc9b07c45d55db64a097d5fbf63b6f9c
  SHA512: 0b91ee55427f9bfa0aa4d918187926b3a04a1d966525cdcd9046ab4cc877d79591980deb88f9cd58f58fd0f2b1e8d5067a6c4cf681b2b3cbb22e6ca179cd3dc5
  distribution: comodo-apache-1133
  url: https://waf.comodo.com/api/cpanel_apache_vendor
--
Vadim Lvovskiy
Development Manager
COMODO Group Inc.

Offline sdzzds

  • Newbie
  • *
  • Posts: 6
Re: Comodo as a ModSecurity Vendor in cPanel
« Reply #57 on: September 02, 2017, 07:18:08 AM »
How add bulk exceptions to Comodo WAF working like vendor in Cpanel?  Some months ago I used the file:

/etc/apache2/conf.d/modsec/modsec2.cpanel.conf

Adding the rule id to:

##
## ModSecurity disabled rules:
##

But now it's not working.


I have tried to add to:


/var/cpanel/modsec_cpanel_conf_datastore

or

/var/cpanel/cwaf/etc/httpd/global/zzz_exclude_global.conf


But in the rules lis in WHM - Modsecurity Tools - Rules lists always are activated!!!

Thanks


Offline akabakov

  • Comodo's Hero
  • *****
  • Posts: 375
Re: Comodo as a ModSecurity Vendor in cPanel
« Reply #58 on: September 04, 2017, 03:34:54 AM »
Hello,

when you use Comodo ModSecurity vendor in cPanel you cannot use /var/cpanel/cwaf/etc/httpd/global/zzz_exclude_global.conf
This file works with CWAF-plugin only. You can turn off the configuration file with rule(s).

Offline sdzzds

  • Newbie
  • *
  • Posts: 6
Re: Comodo as a ModSecurity Vendor in cPanel
« Reply #59 on: September 04, 2017, 03:48:28 AM »
Hello

A how add bulk exceptions to Comodo WAF working like vendor in Cpanel?

If I have a server with 50 rules exception and I want to copy all exceptions instead of configure one by one, how should do it?

Thanks

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek