Author Topic: Comodo rules for LiteSpeed  (Read 9805 times)

Offline vadim

  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 334
Comodo rules for LiteSpeed
« on: March 18, 2014, 10:18:01 AM »
Initialization version of Comodo protection rules for LiteSpeed has been released.

You may log in to the Comodo WAF interface: https://waf.comodo.com

Choose source "LiteSpeed" and download the latest rules (Latest release: 0.01).

Client agent and cPanel plugin with LiteSpeed support will be released soon.



--
Vadim Lvovskiy
Development Manager
COMODO Group Inc.

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14588
    • Video Blog
Re: Comodo rules for LiteSpeed
« Reply #1 on: March 19, 2014, 02:57:04 PM »
good job guys!

Offline vadim

  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 334
Re: Comodo rules for LiteSpeed
« Reply #2 on: March 25, 2014, 04:30:55 AM »
Client Agent 1.5 with LiteSpeed support has been released:

You may download and install the new client, available at this link: https://waf.comodo.com/cpanel/cwaf_client_install.sh

If you already use Comodo WAF Client with Apache and you want to switch to LiteSpeed:

  • Uninstall client agent: /var/cpanel/cwaf/scripts/uninstall_cwaf.sh
  • Download new version and install it choosing LiteSpeed platform
--
Vadim Lvovskiy
Development Manager
COMODO Group Inc.

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14588
    • Video Blog
Re: Comodo rules for LiteSpeed
« Reply #3 on: March 25, 2014, 04:47:03 AM »
Client Agent 1.5 with LiteSpeed support has been released:

You may download and install the new client, available at this link: https://waf.comodo.com/cpanel/cwaf_client_install.sh

If you already use Comodo WAF Client with Apache and you want to switch to LiteSpeed:

  • Uninstall client agent: /var/cpanel/cwaf/scripts/uninstall_cwaf.sh
  • Download new version and install it choosing LiteSpeed platform

great work guys.

now we are fully supporting Litespeed!

Melih

Offline drensmith

  • Comodo's Hero
  • *****
  • Posts: 210
Re: Comodo rules for LiteSpeed
« Reply #4 on: March 27, 2014, 04:59:36 PM »
I only have CIS. Do I need this? I have Win 7. Thanks

Offline needsomehelp

  • Comodo Family Member
  • ***
  • Posts: 89
Re: Comodo rules for LiteSpeed
« Reply #5 on: April 06, 2014, 08:26:50 AM »
Hi, I am new here and really need a little help please.

I found the script for LiteSpeed rules here https://waf.comodo.com/cpanel/cwaf_client_install.sh but wanted to know how I use it or install the plugin for cPanel?

Offline vadim

  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 334
Re: Comodo rules for LiteSpeed
« Reply #6 on: April 07, 2014, 03:17:21 AM »
Hi, I am new here and really need a little help please.

I found the script for LiteSpeed rules here https://waf.comodo.com/cpanel/cwaf_client_install.sh but wanted to know how I use it or install the plugin for cPanel?

Hello

First, you need to log in to your Comodo WAF web interface: https://waf.comodo.com/

If you still don't have an account, you may sign up for the service here: https://accounts.comodo.com/cwaf/management/signup

COMODO Web Application Firewall - No Card Required!

After successful registration you may find documentation, client program and rules on your account page.

--
Vadim Lvovskiy
Development Manager
COMODO Group Inc.

Offline azharimad

  • Newbie
  • *
  • Posts: 2
Re: Comodo rules for LiteSpeed
« Reply #7 on: April 19, 2014, 03:10:22 PM »
Hi,

We have a false alarm for Opera Mini

[Sun Apr 20 01:35:59 2014] [error] [client 82.145.216.243] ModSecurity: Access denied with code 403, [Rule: 'REQUEST_HEADERS:CLIENT_IP|REQUEST_HEADERS:FORWARDED|REQUEST_HEADERS:FORWARDED_FOR|REQUEST_HEADERS:X_FORWARDED|REQUEST_HEADERS:X_FORWARDED_FOR' '[at]rx \'|\"'] [ID: 220590] [Msg: COMODO WAF: found CVE 2014-1401 attack]

I tried to disable 220590 but the rule still blocked Opera Mini

Offline TDmitry

  • Head CWAF Rule Writing Team
  • Comodo's Hero
  • *****
  • Posts: 357
Re: Comodo rules for LiteSpeed
« Reply #8 on: May 07, 2014, 09:31:04 AM »
Hi,

We have a false alarm for Opera Mini

[Sun Apr 20 01:35:59 2014] [error] [client 82.145.216.243] ModSecurity: Access denied with code 403, [Rule: 'REQUEST_HEADERS:CLIENT_IP|REQUEST_HEADERS:FORWARDED|REQUEST_HEADERS:FORWARDED_FOR|REQUEST_HEADERS:X_FORWARDED|REQUEST_HEADERS:X_FORWARDED_FOR' '[at]rx \'|\"'] [ID: 220590] [Msg: COMODO WAF: found CVE 2014-1401 attack]

I tried to disable 220590 but the rule still blocked Opera Mini

Will be fixed with next update.
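
The denial line from Reply #7, parsed for false-positive triage; this is an added example, not code from the thread or from Comodo's tooling. It recovers the rule's regex from the log and checks which forwarding headers it matches. The header values are constructed, and mapping the log's underscores to hyphens in header names is an assumption.

```python
import re

# Denial line as posted in Reply #7; the forum rendered "@rx" as "[at]rx".
SAMPLE_LOG = (
    "[Sun Apr 20 01:35:59 2014] [error] [client 82.145.216.243] ModSecurity: "
    "Access denied with code 403, [Rule: 'REQUEST_HEADERS:CLIENT_IP|"
    "REQUEST_HEADERS:FORWARDED|REQUEST_HEADERS:FORWARDED_FOR|"
    "REQUEST_HEADERS:X_FORWARDED|REQUEST_HEADERS:X_FORWARDED_FOR' "
    "'[at]rx \\'|\\\"'] [ID: 220590] [Msg: COMODO WAF: found CVE 2014-1401 attack]"
)

DENY_RE = re.compile(
    r"\[client (?P<client>[^\]]+)\] ModSecurity: Access denied with code "
    r"(?P<status>\d+), \[Rule: '(?P<targets>[^']*)' '(?P<operator>@\w+) "
    r"(?P<pattern>.*)'\] \[ID: (?P<rule_id>\d+)\] \[Msg: (?P<msg>.*)\]$"
)

def parse_denial(line):
    """Split one denial line into its fields; None if the line has another shape."""
    m = DENY_RE.search(line.strip().replace("[at]", "@"))
    if m is None:
        return None
    rec = m.groupdict()
    # "REQUEST_HEADERS:X_FORWARDED_FOR" -> "X_FORWARDED_FOR"
    rec["targets"] = [t.split(":", 1)[-1] for t in rec["targets"].split("|")]
    # The log escapes quote characters; undo that to recover the regex itself.
    rec["pattern"] = re.sub(r"\\(['\"])", r"\1", rec["pattern"])
    return rec

def headers_that_trip(rec, headers):
    """Names of the supplied request headers that the logged @rx rule matches."""
    rx = re.compile(rec["pattern"])
    # Assumption: the log's underscores stand for hyphens in the header name.
    wanted = {t.replace("_", "-").lower() for t in rec["targets"]}
    return sorted(n for n, v in headers.items()
                  if n.lower() in wanted and rx.search(v))

# Constructed header sets (not taken from the thread).
PLAIN = {"X-Forwarded-For": "203.0.113.7, 198.51.100.20", "User-Agent": "it's ok"}
QUOTED = {"X-Forwarded-For": '203.0.113.7, "unknown"'}

if __name__ == "__main__":
    rec = parse_denial(SAMPLE_LOG)
    print(rec["rule_id"], rec["client"], rec["operator"], repr(rec["pattern"]))
    print("plain :", headers_that_trip(rec, PLAIN))
    print("quoted:", headers_that_trip(rec, QUOTED))
```

The recovered pattern is a bare match on a single or double quote, so any client whose forwarding header carries a quote character is denied by this rule.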

Offline webking_amsterdam

  • Newbie
  • *
  • Posts: 5
Re: Comodo rules for LiteSpeed
« Reply #9 on: June 30, 2014, 06:57:33 AM »
For shared hosting activities we wanted to use Comodo WAF on a VPS with CloudLinux, cPanel/WHM, WHMCS, Installatron and (important!) also Litespeed.

As Comodo WAF requires ModSecurity we first rebuilt Apache/php in WHM/cPanel with EasyApache to include Mod_security. Subsequently we noticed in WHM/cPanel a ModSecurity plugin apparently the EasyApache ModSecurity interface.

Because of Litespeed causing on our WordPress websites with an installed Wordfence plugin continuously ( not stopping ) Wordfence scanner(s) after some research we were pointed to using Comodo WAF + ModSecurity + Cloudflare as a superior solution replacing Wordfence.

After 'installing' ModSecurity' ( via EasyApache ) Litespeed started displaying the following error message:
 
ERROR   [ModSecurity] unknown server variable while parsing: MULTIPART_STRICT_ERROR

On the Litespeedtech forum we received a reply to this - basically an unimportant 'hiccup' of Litespeed not being 100 % compatible with ModSecurity:

Initially not fully understanding the difference between Configserver Firewall already installed on our VPS and Comodo WAF confused and concerned whether this would work together with Comodo WAF or if any other add-ons were required. The answer is that both can work together well ! See the post for more info:

http://www.webhostingtalk.com/showthread.php?t=1377615  - post of webking57

Subsequently after registering a user account at waf.comodo.com and following the install instructions for the WHM/cpanel agent ( from Comodo WAF ) was simple and straightforward.

In 'Comodo WAF' interface located under the plugin section of WHM/cpanel however we do not see the 'Exclude rules' tab as depicted in the Comodo WAF Administrator Guide but see a new 'Security Engine' tab.

Our two questions are:

(1) do we need to 'download' any additional rules for Litespeed to update the 'rules version 1.1.0' using main panel: https://waf.comodo.com ???

The above rules ( version 1.1.0 ) were installed by clicking on a black icon ( "download rules 1.1.0" ) on the right side of the 'Current Rules Version' in the Main Tab of the WHM/cPanel Comodo Waf interface and after that prominently displaying that version there !

(2) as we do not seem to have an "Exclude Rules" tab in our Comodo Waf interface in WHM/CPanel how can we exclude any rules etc. ?


Did we make a mistake installing these rules 1.1.0 through the black install button ?

Are these rules the appropriate rules for Litespeed ?

Sorry we overlooked the instructions given as a reply by poster TDmitry !

How can we delete 'wrong' rules ( if wrong ) and install the right Litespeed rules ... ?



« Last Edit: July 05, 2014, 06:29:22 AM by webking_amsterdam »

Offline akabakov

  • Comodo's Hero
  • *****
  • Posts: 364
Re: Comodo rules for LiteSpeed
« Reply #10 on: July 01, 2014, 09:38:38 AM »
1) There are 2 different mod_security rulesets: for Apache and LiteSpeed. If you use the Apache ruleset, there will be errors after switching to LiteSpeed.
2) LiteSpeed can operate with mod_security. Please try the following steps:
a) wget https://waf.comodo.com/cpanel/cwaf_client_install.sh to download the installer;
b) bash cwaf_client_install.sh to install rules and scripts.
All files will be installed in /var/cpanel/cwaf. To update rules you can run /var/cpanel/cwaf/scripts/updater.pl. Also, in the Plugins section of your WHM there will be a Comodo WAF subsection, where you can manage your settings and update the client and rules.
3) I think it is because of the difference between the Apache and LiteSpeed rulesets.

Offline webking_amsterdam

  • Newbie
  • *
  • Posts: 5
Re: Comodo rules for LiteSpeed
« Reply #11 on: July 11, 2014, 06:01:28 AM »
Our experiences so far installing Comodo WAF - Overcoming beginners' problems.

And how not to get 'locked' out of your VPS ( URL hostname ), not lose WHM/cPanel (https) access and WHMCS ( admin panel ) access and avoid no longer seeing your hosted websites on the WWW ?

Our VPS server hostname is: serverx1.abcdef.net
Our server IP is: 123.456.789.112
WHMCS is installed on: www.abcdef.net
WHMCS admin login is at: www.abcdef.net/whmcs/
And three websites in three cPanel user accounts:
www.efg.com - WordPress site
www.hij.net - WordPress site
www.spqr.org - WordPress site

Installing Comodo WAF proceeded without problems on a VPS with WHM/cPanel, WHMCS, Installatron, ConfigServer Firewall, mod_security ( EasyApache add on and WHM plug-in) twice over. First time with Litespeed webserver and second time with Apache webserver with exactly the same problem(s). De-installing the Comodo WAF cPanel plug-in and removing the string from /modsec.conf using the instructions from section 2.2.5 from the below manual did not solve our problems. Using a server snapshot we had to go back in time and by luckily remembering our 'old' server log in details could we regain 'control' again and restart afresh building up our server !

For installation we followed the instructions in the Comodo WAF Administrator Guide.

In the appearing WHM/cPanel Comodo WAF plugin interface we then:
- updated the 'rules' by pressing on the black button
- changed the settings to 4 debug level and
- turned on the security engine in a next tab
We did however not whitelist anything etc. assuming our settings on the VPS in Configserver Firewall would be included ….

Twice over ( with Litespeed and with Apache webserver after complete re-install) we got the following error messages when shortly after installation of Comodo WAF we proceeded with WHMCS admin and after making some changes and trying to save:

"Forbidden: You don't have permission to access www.abcd.com/whmcs/configserver.php on this server.
Additionally a 404 error .... Apache 2.49 etc )

Googling this indicated a Mod_security rule error ...

Nowhere did we find or read any warnings nor see understandable instructions on how to properly proceed after installing Comodo WAF with the above disastrous outcome.

Comodo WAF and Mod_security are apparently that effective that all network access to your VPS server URL, WHM/Cpanel and hosted websites can be closed off from the WWW.

Can you please  - for the not so experienced or enlightened - give clear understandable step by step instructions on what to do and what to enter in the Comodo WAF cPanel interface ? For this we have given our server and website details ..?

Our next concern is: how complex and nerve-wracking will properly maintaining the Mod_security rules and exceptions be in practice ?
I am seeing a multitude of forum web posts on various Mod_security related errors ?

For the moment we have returned to Configserver Firewall, cPHulk Brute Force, de-installed Mod_Security ( Easy Apache rebuild ) and use Wordfence plug-in for the WordPress sites. This works well and is easy to understand.

With Litespeed we experienced a lot of problems. Much to our regret this company - despite relentless attempts and endless correspondence, vague assurances - apart from not so useful general instructions is unwilling to log into servers nor offer hands-on problem solving. We have for the moment 'switched' off Litespeed.


« Last Edit: July 11, 2014, 06:26:43 AM by webking_amsterdam »

Offline webking_amsterdam

  • Newbie
  • *
  • Posts: 5
Re: Comodo rules for LiteSpeed
« Reply #12 on: July 11, 2014, 06:28:40 AM »
Our experiences so far installing Comodo WAF - Overcoming beginners' problems.

And how not to get 'locked' out of your VPS ( URL hostname ), not lose WHM/cPanel (https) access and WHMCS ( admin panel ) access and avoid no longer seeing your hosted websites on the WWW ?

Our VPS server hostname is: serverx1.abcdef.net
Our server IP is: 123.456.789.112
WHMCS is installed on: www.abcdef.net
WHMCS admin login is at: www.abcdef.net/whmcs/
And three websites in three cPanel user accounts:
www.efg.com - WordPress site
www.hij.net - WordPress site
www.spqr.org - WordPress site

Installing Comodo WAF proceeded without problems on a VPS with WHM/cPanel, WHMCS, Installatron, ConfigServer Firewall, mod_security ( EasyApache add on and WHM plug-in) twice over. First time with Litespeed webserver and second time with Apache webserver with exactly the same problem(s). De-installing the Comodo WAF cPanel plug-in and removing the string from /modsec.conf using the instructions from section 2.2.5 from the below manual did not solve our problems. Using a server snapshot we had to go back in time and by luckily remembering our 'old' server log in details could we regain 'control' again and restart afresh building up our server !

For installation we followed the instructions in the Comodo WAF Administrator Guide.

In the appearing WHM/cPanel Comodo WAF plugin interface we then:
- updated the 'rules' by pressing on the black button
- changed the settings to 4 debug level and
- turned on the security engine in a next tab
We did however not whitelist anything etc. assuming our settings on the VPS in Configserver Firewall would be included ….

Twice over ( with Litespeed and with Apache webserver after complete re-install) we got the following error messages when shortly after installation of Comodo WAF we proceeded with WHMCS admin and after making some changes and trying to save:

"Forbidden: You don't have permission to access www.abcd.com/whmcs/configserver.php on this server.
Additionally a 404 error .... Apache 2.49 etc )

Googling this indicated a Mod_security rule error ... Initially we thought another Litespeed related error but also appearing in Apache webserver the second time round. It seems switching the security engine to on had an effect !

Nowhere did we find or read any warnings nor see understandable instructions on how to properly proceed after installing Comodo WAF with the above disastrous outcome.

Comodo WAF and Mod_security are apparently that effective that all network access to your VPS server URL, WHM/Cpanel and hosted websites can be closed off from the WWW.

Can you please  - for the not so experienced or enlightened - give clear understandable step by step instructions on what to do and what to enter in the Comodo WAF cPanel interface ? For this we have given our server and website details ..?

Our next concern is: how complex and nerve-wracking will properly maintaining the Mod_security rules and exceptions be in practice ?
I am seeing a multitude of forum web posts on various Mod_security related errors ?

For the moment we have returned to Apache webserver, Configserver Firewall, cPHulk Brute Force, de-installed Mod_Security ( Easy Apache rebuild ) and use Wordfence plug-in for the WordPress sites. This works well and is easy to understand.

We need to fully understand how to set up Comodo WAF initially with Apache webserver then we might attempt using Litespeed webserver again.

 
« Last Edit: July 11, 2014, 07:43:39 AM by webking_amsterdam »

Offline akabakov

  • Comodo's Hero
  • *****
  • Posts: 364
Re: Comodo rules for LiteSpeed
« Reply #13 on: July 11, 2014, 07:44:24 AM »
Please open a ticket at https://support.comodo.com/ in the WAF Support section and give us, if possible, logs from your "old" server.

Offline Hedloff

  • Comodo Loves me
  • ****
  • Posts: 149
Re: Comodo rules for LiteSpeed
« Reply #14 on: April 09, 2015, 09:28:17 AM »
Where can we find the rules changelog for LiteSpeed?

I see that rules 1.22 is available, but I am not sure what is updated in those rules?

 
