Comodo rules for LiteSpeed

[ezynic]

So how is Litespeed support these days? Is brute force working? How about excluding domains? I've just had it with Atomicorp's attitude and switched a server to Comodo. Working fine so far...

[Melih]

So how is Litespeed support these days? Is brute force working? How about excluding domains? I've just had it with Atomicorp's attitude and switched a server to Comodo. Working fine so far...

welcome to Comodo ezynic!

We support Litespeed. If you have any specific requirement please feel free to tell us so that we can get it done for you asap.

we are here to serve you.

[Hedloff]

Think brute force is still working.
But there is alot of issues with EA4 and CWAF atm.

I got a reponse from their staff that it will not be supported from Comodo to exclude/disable domains.
So currently we're checking other vendors for mod_security rules on LiteSpeed servers.

[vadim]

Hello Hedloff

Think brute force is still working.
But there is alot of issues with EA4 and CWAF atm.

I got a reponse from their staff that it will not be supported from Comodo to exclude/disable domains.
So currently we're checking other vendors for mod_security rules on LiteSpeed servers.

We didn't detect any issues with exclude/disable domains for cPanel + LiteSpeed + CWAF configuration. Possibly it's related to the last LiteSpeed updates.

We'll review this issue and release the new CWAF agent version. We will be grateful to you if you can provide us your current configuration (cPanel, LiteSpeed asd CWAF plugin versions).

Please also create support ticket here: https://support.comodo.com/index.php?/Tickets/Submit (WAF Support)

And we'll provide you direct support to resolve this issue on your web-servers.

[ezynic]

I got a reponse from their staff that it will not be supported from Comodo to exclude/disable domains.

Have you tried Configserver's Modsec Control? That's what I was using to exclude Atomicorp rules. It would be a disappointment if that stopped working.

[akabakov]

How to exclude ModSecurity for domain under cPanel and LiteSpeed?
As an example lets use domain joomla-ls.labtest.
Exlude usually is located at /var/cpanel/cwaf/etc/httpd/domains/000_exclude_joomla-ls.labtest\:80.conf It contains:

Code: [Select]

SecRule SERVER_NAME "(?:.*\.)?mail\.joomla-ls\.labtest(?::80)?|(?:.*\.)?www\.joomla-ls\.labtest(?::80)?|(?:.*\.)?joomla-ls\.labtest(?::80)?" "phase:1,nolog,noauditlog,allow,ctl:ruleEngine=Off,id:10001"
Such file is usually created after domain exclude in CWAF-plugin. For Apache it works, LiteSpeed 'reads' this file, but not uses it. To work with LiteSpeed code above should be located in /etc/apache2/conf.d/includes/post_virtualhost_global.conf (EA4) or in /usr/local/apache/conf/includes/post_virtualhost_global.conf (EA3) for any domain(s) user needs to exclude.
Also /var/cpanel/cwaf/etc/httpd/domains/000_exclude_joomla-ls.labtest\:80.conf and other file(s) should be removed to avoid existing rules with the same id. If this files exists LiteSpeed will work, but CWAF-plugin won't. Also if LiteSpeed is changed by Apache, it also won't work.

[Hedloff]

akabakov: It would be great if you could get this in your agent so we don't have to this manually to get it working.
Everything we have to do manually is not worth it. Then it's better to have no WAF rules at all.

[akabakov]

It would be great if you could get this in your agent so we don't have to this manually to get it working.
Everything we have to do manually is not worth it. Then it's better to have no WAF rules at all.

We'll try to include this in agent. Work is in progress.

[Hedloff]

Great NEWS!
Any idea/eta when new agent will be launched for this and/or fix EA4 issues?

[vadim]

Great NEWS!
Any idea/eta when new agent will be launched for this and/or fix EA4 issues?

Related fix will be included into the next version of CWAF plugin. We plan to release it this month.

[H0sseiN]

Hello,

we have error 403 error when we are editing posts in wordpress with last update.

[TDmitry]

Hello,

we have error 403 error when we are editing posts in wordpress with last update.

Is this can be related with cPanel update?

[H0sseiN]

Is this can be related with cPanel update?

Maybe, because cpanel version is also the latest version 62.0 (build 20) but the problem will solved when I disable COMODO ModSecurity LiteSpeed Rule Set

[ezynic]

I had to disable rule 217270 because it was causing hundreds of false positives.

[Hedloff]

I had to disable rule 217270 because it was causing hundreds of false positives.

Yes, I also had to disable it.
But after last rule update alot of categories where enabled and this rule was in one of those categories that we had disabled before. So I disabled it again and everything is working fine again.