Author Topic: Comodo rules for LiteSpeed  (Read 10763 times)

Offline TDmitry

  • Head CWAF Rule Writing Team
  • Comodo's Hero
  • *****
  • Posts: 365
Re: Comodo rules for LiteSpeed
« Reply #15 on: April 09, 2015, 11:05:58 AM »
Where can we find rules changelog for Litespeed?

See that rules 1.22 is avaliable, but not sure what is updated in those rules?

Updates for Apache and Litespeed are the same in most cases, so you can always refer to the Apache rules updates changelog and find appropriate update by release date.
https://forums.comodo.com/free-modsecurity-rules-comodo-web-application-firewall/rules-updates-changelog-t101377.0.html

Offline Hedloff

  • Comodo Loves me
  • ****
  • Posts: 152
Re: Comodo rules for LiteSpeed
« Reply #16 on: June 16, 2015, 02:40:05 AM »
Guys! 
Brute Force on your Litespeed rules are still not working! They only cause pain and we have to disable those rules on the whole server.
Please get a working brute force rule updated for Litespeed asap. It did work in the start, you just messed it up sometime ago..... :-TD

Offline akabakov

  • Comodo's Hero
  • *****
  • Posts: 375
Re: Comodo rules for LiteSpeed
« Reply #17 on: June 16, 2015, 05:25:02 AM »
Please, check log-files.
May be brute force rules don't work because of "Failed to write to DBM file "/tmp/ip":"
Please, see this topic:

https://forums.comodo.com/free-modsecurity-rules-comodo-web-application-firewall/failed-to-write-to-dbm-file-tmpip-t106018.0.html

Offline Hedloff

  • Comodo Loves me
  • ****
  • Posts: 152
Re: Comodo rules for LiteSpeed
« Reply #18 on: July 01, 2015, 04:48:34 PM »
Guys, please provide a fix/update!
I turned brute force off and back on again. It gives 403 now, but ip is not blocked.

Please also see attached file. Something in your rules are not working.

Logs:

82.220.34.3 - - [01/Jul/2015:22:45:26 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:26 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:26 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:26 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:26 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:26 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:26 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:26 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:27 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:27 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:27 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:27 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:27 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:27 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:27 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:27 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:27 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:27 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:27 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:27 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:27 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:27 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:27 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:27 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:27 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:27 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:27 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:28 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:28 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:28 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:28 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:28 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:28 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:28 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:28 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:28 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:28 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:28 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:28 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:28 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:28 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:28 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:28 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
82.220.34.3 - - [01/Jul/2015:22:45:28 +0200] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"



[attachment deleted by admin]

Offline Hedloff

  • Comodo Loves me
  • ****
  • Posts: 152
Re: Comodo rules for LiteSpeed
« Reply #19 on: July 03, 2015, 04:04:48 AM »
Now brute force is reacting on a different rule id!?

[attachment deleted by admin]

Offline TDmitry

  • Head CWAF Rule Writing Team
  • Comodo's Hero
  • *****
  • Posts: 365
Re: Comodo rules for LiteSpeed
« Reply #20 on: July 03, 2015, 11:45:34 AM »
We will check this issue and I'll inform you in this thread.

Offline vadim

  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 338
Support for the new LiteSpeed 5.0 version
« Reply #21 on: July 22, 2015, 05:02:59 AM »
CWAF client starting from version 2.12 supports LiteSpeed 5.0.
--
Vadim Lvovskiy
Development Manager
COMODO Group Inc.

Offline Hedloff

  • Comodo Loves me
  • ****
  • Posts: 152
Re: Comodo rules for LiteSpeed
« Reply #22 on: August 10, 2015, 03:43:18 AM »
Brute force attacks are still not working. They are not picked up by CWAF and not blocked.
Any eta on a fix for this?

Offline akabakov

  • Comodo's Hero
  • *****
  • Posts: 375
Re: Comodo rules for LiteSpeed
« Reply #23 on: August 10, 2015, 11:20:21 AM »
Hello.

We've checked brute-force rules with LiteSpeed and test CMSs (Drupal, Typo3, WordPress) and got  "error 403".
So,  brute-force rules work.

Offline George_Fusioned

  • Newbie
  • *
  • Posts: 19
Re: Comodo rules for LiteSpeed
« Reply #24 on: August 25, 2015, 08:01:33 PM »
Hello,

I was using the Comodo WAF LiteSpeed rules without a problem (setup as a Vendor in cPanel) and all of a sudden I'm getting this error now:

Code: [Select]
[ModSecurity] unknown server variable while parsing: FILES
[ModSecurity] unknown server variable while parsing: ARGS_POST_NAMES
(also see attachment)

Does it have anything to do with the recent rule updates?
I've disabled 28_Apps_WPPlugin.conf & 31_Apps_OtherApps.conf for now and the error is gone.

Kind regards,
George

[attachment deleted by admin]

Offline oleg.tsygany

  • Comodo's Hero
  • *****
  • Posts: 275
Re: Comodo rules for LiteSpeed
« Reply #25 on: August 26, 2015, 02:33:35 AM »
Hello George.

Thank you for reporting. We have fixed this issue.
Please update to latest rules version (1.39)

With best regards, Oleg

Offline George_Fusioned

  • Newbie
  • *
  • Posts: 19
Re: Comodo rules for LiteSpeed
« Reply #26 on: August 26, 2015, 04:17:06 AM »
Thank you for the fast fix Oleg.

For anyone wondering how to update the rules when using the Comodo rules configured as a Modsecurity Vendor in cPanel, just run /scripts/upcp (https://documentation.cpanel.net/display/ALD/ModSecurity+Vendors#ModSecurityVendors-Enableordisableupdates) /usr/local/cpanel/scripts/modsec_vendor update --auto


Best regards,
George
« Last Edit: August 26, 2015, 04:21:22 AM by George_Fusioned »

Offline H0sseiN

  • Newbie
  • *
  • Posts: 8
Re: Comodo rules for LiteSpeed
« Reply #27 on: April 23, 2016, 04:52:14 AM »
Hi,
I have a server with running litespeed webserver but using Apache configuration file now which rule set should I install Apache or litespeed?

Offline TDmitry

  • Head CWAF Rule Writing Team
  • Comodo's Hero
  • *****
  • Posts: 365
Re: Comodo rules for LiteSpeed
« Reply #28 on: April 25, 2016, 12:19:42 PM »
Hi,
I have a server with running litespeed webserver but using Apache configuration file now which rule set should I install Apache or litespeed?
You should use LiteSpeed rules set. It specially built for LiteSpeed web server.

Offline Hedloff

  • Comodo Loves me
  • ****
  • Posts: 152
Re: Comodo rules for LiteSpeed
« Reply #29 on: May 02, 2016, 02:03:31 PM »
Hi,
I have a server with running litespeed webserver but using Apache configuration file now which rule set should I install Apache or litespeed?

I would not recommend running CWAF on LiteSpeed.
You can't disable a domain from it and there are alot of false positives!

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek