Author Topic: Comodo WAF for DirectAdmin  (Read 21263 times)

Offline peterl

  • Newbie
  • *
  • Posts: 15
Re: Comodo WAF for DirectAdmin
« Reply #105 on: January 25, 2018, 12:08:24 PM »
The only reason I need to remove phpmyadmin being checked, is when you import .sql's, you can get 403's - on a support level, it's a pain...

I've used the Userdata>Whitelist URLS instead

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 178
Re: Comodo WAF for DirectAdmin
« Reply #106 on: January 25, 2018, 12:14:08 PM »
The only reason I need to remove phpmyadmin being checked, is when you import .sql's, you can get 403's - on a support level, it's a pain...

I've used the Userdata>Whitelist URLS instead

Hi peterl. If you will send to us modsec_audit.log for this event - it is possible that we will be able to fix this FP.

Offline aionets

  • Newbie
  • *
  • Posts: 2
Re: Comodo WAF for DirectAdmin
« Reply #107 on: July 15, 2018, 06:58:12 PM »
First let me thank you for this great work.

Would you please mention if there is an update for FreeBSD ?

Thank you

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 178
Re: Comodo WAF for DirectAdmin
« Reply #108 on: July 19, 2018, 05:40:12 AM »
Hello aionets. Please clarify what kind of updates for FreeBSD do you expect?
Recently we updated userdata files to improve work of excludes mechanism for all supported platforms.

Offline aionets

  • Newbie
  • *
  • Posts: 2
Re: Comodo WAF for DirectAdmin
« Reply #109 on: July 20, 2018, 03:55:58 AM »
Thank you for your reply,

I have FreeBSD, with NGiNX and phpfpm installed on my server and I tried to install Comodo WAF but I faced aome errors.

Would you please confirm if this plugin is compatible with my server ?


Thank you

Offline peterl

  • Newbie
  • *
  • Posts: 15
Re: Comodo WAF for DirectAdmin
« Reply #110 on: July 24, 2018, 12:58:39 PM »
I understand this is off-topic, but this is bugging me. I did post over on the DA forums, no resposes (yet).

I get this with wget
Code: [Select]
--2018-07-22 11:08:49--  https://waf.comodo.com/api/da_vendor?file=cwaf_rules-1.172.tgz
Resolving waf.comodo.com (waf.comodo.com)... 91.209.196.88
Connecting to waf.comodo.com (waf.comodo.com)|91.209.196.88|:443... connected.
ERROR: The certificate of `waf.comodo.com' is not trusted.
ERROR: The certificate of `waf.comodo.com' hasn't got a known issuer.
I get this on a Debian 7 system only..... Does this mean the CA root is missing? apt-get did remove a lot of root/cacerts in the recent update.

However, curl works fine.

Anyone seen this before?

I can wget other sites with ssl, just get the untrusted issue with Comodo.

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 178
Re: Comodo WAF for DirectAdmin
« Reply #111 on: July 30, 2018, 04:44:16 AM »
We'll investigate this event. Thank you.

Offline peterl

  • Newbie
  • *
  • Posts: 15
Re: Comodo WAF for DirectAdmin
« Reply #112 on: August 22, 2018, 05:37:20 AM »
Any updates on this...... I can confirm this is only a Debian 7 issue, tested on a clean box...... I understand Wheezy is EOL, although the repository is still active, but it is interesting this is happening.

Offline sbrazhnik

  • Newbie
  • *
  • Posts: 11
Re: Comodo WAF for DirectAdmin
« Reply #113 on: September 03, 2018, 11:20:15 AM »
Dear peterl,

We've managed to reproduce the reported issue on Debian 7.

Code: [Select]
$ wget -V
GNU Wget 1.13.4 built on linux-gnu.

$ root[at]fdd80e214426:/# wget https://waf.comodo.com/api/da_vendor?file=cwaf_rules-1.172.tgz
--2018-09-03 14:26:03--  https://waf.comodo.com/api/da_vendor?file=cwaf_rules-1.172.tgz
Resolving waf.comodo.com (waf.comodo.com)... 91.209.196.88
Connecting to waf.comodo.com (waf.comodo.com)|91.209.196.88|:443... connected.
ERROR: The certificate of `waf.comodo.com' is not trusted.
ERROR: The certificate of `waf.comodo.com' hasn't got a known issuer.

Obviously, it's related to wget 1.13 version which goes with Deb7. In order to fix the issue, please install the newer version of wget (e.g. 1.16).

Code: [Select]
$ wget http://ftp.gnu.org/gnu/wget/wget-1.16.tar.gz
$ tar -xvf wget-1.16.tar.gz
$ cd wget-1.16/
$ ./configure --with-ssl=openssl --prefix=/opt/wget
$ make
$ make install
$ mv /usr/bin/wget /usr/bin/bkp_wget
$ ln -s /opt/wget/bin/wget /usr/bin/wget
$ wget -V
GNU Wget 1.16 built on linux-gnu.

$ root[at]b3879a7c2ef6:/wget-1.16# wget https://waf.comodo.com/api/da_vendor?file=cwaf_rules-1.172.tgz
--2018-09-03 15:18:00--  https://waf.comodo.com/api/da_vendor?file=cwaf_rules-1.172.tgz
Resolving waf.comodo.com... 91.209.196.88
Connecting to waf.comodo.com|91.209.196.88|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 311926 (305K) [application/x-gzip]
Saving to: 'da_vendor?file=cwaf_rules-1.172.tgz'

da_vendor?file=cwaf_r 100%[=========================>] 304.62K   667KB/s   in 0.5s   

2018-09-03 15:18:01 (667 KB/s) - 'da_vendor?file=cwaf_rules-1.172.tgz' saved [311926/311926]

Also, make sure, you have ca-certificates installed.

Code: [Select]
$ apt-get install ca-certificates
Should you have any further questions, do not hesitate to ask.

Regards,
« Last Edit: September 03, 2018, 11:22:22 AM by sbrazhnik »

Offline peterl

  • Newbie
  • *
  • Posts: 15
Re: Comodo WAF for DirectAdmin
« Reply #114 on: September 03, 2018, 11:36:48 AM »
Thank you

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek