Comodo WAF for DirectAdmin

[imaginable]

Is this plugin compatible with Direct Admin with OpenLiteSpeed? I've been in touch with Direct Admin support and they've forwarded me to this forum.

I'm trying to deploy a CentOS 7 server with Direct Admin and OpenLiteSpeed installed an installing ModSecurity + COMODO rules are a must. The problem is that I'm facing some issues doing it through the CWAF DA plugin, but it throws this error when accessing "Comodo WAF 2.24.3" in "Admin level":

Code: [Select]

cp: cannot stat '/etc/httpd/conf/extra/httpd-modsecurity.conf': No such file or directory
chown: cannot access '/usr/local/cwaf/conf/modsec2_plugin.conf': No such file or directory
can't read config /usr/local/cwaf/conf/modsec2_plugin.conf at /usr/local/cwaf/modules/CPAN/lib/Comodo/CWAF/ModSecurity.pm line 75.
Compilation failed in require at /usr/local/directadmin/plugins/comodo_waf/admin/index.pl line 13.
BEGIN failed--compilation aborted at /usr/local/directadmin/plugins/comodo_waf/admin/index.pl line 13.
Here is more info:

Code: [Select]

Installed version of DirectAdmin: 1.57.0
Installed version of Custombuild: 2.0.0 (rev: 2119)
Installed version of OpenLiteSpeed: 1.4.47
Installed version of Comodo WAF: 2.24.3
Here's the cwaf_install.log extract (I can send the full to you in private if needed):

Code: [Select]

29-05-2019 12:08:59 Starting the installation
29-05-2019 12:08:59 ----------------Checking Apache-----------------------
29-05-2019 12:08:59 Found APACHE2CTL ''
29-05-2019 12:08:59 No APACHECTL found
29-05-2019 12:08:59 WARNING: Syntax error in Apache config file
29-05-2019 12:08:59 No MODSECURITY detected
29-05-2019 12:08:59 ---------------Checking LiteSpeed---------------------
29-05-2019 12:08:59 Found LiteSpeed version 1.4.47 Open (built: Thu May  9 15:05:35 UTC 2019)
29-05-2019 12:08:59 Mod Security NOT supported in this version of LiteSpeed
29-05-2019 12:08:59 -----------------Checking Nginx-----------------------
29-05-2019 12:08:59 Nginx binary /usr/local/nginx/sbin/nginx not found!
29-05-2019 12:08:59 ------------------------------------------------------
29-05-2019 12:08:59 No suitable LiteSpeed/Nginx web servers found.
29-05-2019 12:08:59 Assigning WEB Platform: Apache
29-05-2019 12:08:59 No cPanel found
29-05-2019 12:08:59 No Plesk found
29-05-2019 12:08:59 Found DirectAdmin version v.1.57.0
29-05-2019 12:08:59 Using PERL /bin/perl
29-05-2019 12:08:59 Using CPAN /bin/cpan

Thank you in advance.

[maryprincyedward]

Hi,

Could you please send the whole log for this issue?

Thanks.

Is this plugin compatible with Direct Admin with OpenLiteSpeed? I've been in touch with Direct Admin support and they've forwarded me to this forum.

I'm trying to deploy a CentOS 7 server with Direct Admin and OpenLiteSpeed installed an installing ModSecurity + COMODO rules are a must. The problem is that I'm facing some issues doing it through the CWAF DA plugin, but it throws this error when accessing "Comodo WAF 2.24.3" in "Admin level":

Code: [Select]

cp: cannot stat '/etc/httpd/conf/extra/httpd-modsecurity.conf': No such file or directory
chown: cannot access '/usr/local/cwaf/conf/modsec2_plugin.conf': No such file or directory
can't read config /usr/local/cwaf/conf/modsec2_plugin.conf at /usr/local/cwaf/modules/CPAN/lib/Comodo/CWAF/ModSecurity.pm line 75.
Compilation failed in require at /usr/local/directadmin/plugins/comodo_waf/admin/index.pl line 13.
BEGIN failed--compilation aborted at /usr/local/directadmin/plugins/comodo_waf/admin/index.pl line 13.
Here is more info:

Code: [Select]

Installed version of DirectAdmin: 1.57.0
Installed version of Custombuild: 2.0.0 (rev: 2119)
Installed version of OpenLiteSpeed: 1.4.47
Installed version of Comodo WAF: 2.24.3
Here's the cwaf_install.log extract (I can send the full to you in private if needed):

Code: [Select]

29-05-2019 12:08:59 Starting the installation
29-05-2019 12:08:59 ----------------Checking Apache-----------------------
29-05-2019 12:08:59 Found APACHE2CTL ''
29-05-2019 12:08:59 No APACHECTL found
29-05-2019 12:08:59 WARNING: Syntax error in Apache config file
29-05-2019 12:08:59 No MODSECURITY detected
29-05-2019 12:08:59 ---------------Checking LiteSpeed---------------------
29-05-2019 12:08:59 Found LiteSpeed version 1.4.47 Open (built: Thu May  9 15:05:35 UTC 2019)
29-05-2019 12:08:59 Mod Security NOT supported in this version of LiteSpeed
29-05-2019 12:08:59 -----------------Checking Nginx-----------------------
29-05-2019 12:08:59 Nginx binary /usr/local/nginx/sbin/nginx not found!
29-05-2019 12:08:59 ------------------------------------------------------
29-05-2019 12:08:59 No suitable LiteSpeed/Nginx web servers found.
29-05-2019 12:08:59 Assigning WEB Platform: Apache
29-05-2019 12:08:59 No cPanel found
29-05-2019 12:08:59 No Plesk found
29-05-2019 12:08:59 Found DirectAdmin version v.1.57.0
29-05-2019 12:08:59 Using PERL /bin/perl
29-05-2019 12:08:59 Using CPAN /bin/cpan

Thank you in advance.

[imaginable]

Sure, I've seen that the install log doesn't include any sensitive information, so I think it's safe to attach it here.

Hi,

Could you please send the whole log for this issue?

Thanks.

[imaginable]

Is there any news on this? Feel free to contact me if you need more details/logs/info.

[zero-f]

Hi everyone
For more than a month, comodo rules has not been updated. (directadmin)
Updates were given much faster before
Is there a problem with this?
 

[sufiyanshaikh]

Hello,

I am facing one issue in Comodo WAF in DA

===========================
Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client xxx.xx.xx.xxx] ModSecurity: Request body no files data length is larger than the configured limit (131072). [hostname "example.com"] [uri "/webservices/form_submit/"] [unique_id "XqL9CgEkOhrpnaeq7owABBQE"]
===========================


Please help me to solve this issue
I tired searching but I was not able to solve the issue because a solution is nowhere present for Comodo in DA.

[Cwaf_Team]

Hello,
you should update SecRequestBodyLimit to a bigger value.

[maxibi]

I got a blank page when install this plugin using apache_nginx as reverse proxy.

All folders are set to 755 and files are set to 644 in /usr/local/directadmin/plugins/comodo_waf

Both nginx and apache are running fine without error

Screenshot:



I did test whether mod_security is working of my site to see if the log is generated: curl "http://mywebsite.com/?q='1 OR 1=1"
I check tail -f /var/log/nginx/modsec_audit.log and seems like it's generated a log "[{"message":"COMODO WAF: SQLmap attack detected"

So seems like it's working detecting the rule but the plugin is blank on DA interface.

[maxibi]

After struggling doing magic thing to solve the blank page problem which has no log generated, Now I got the following error when heading to the waf GUI. Is there a way to fix this?

Can't locate CGI.pm: /usr/local/lib64/perl5/CGI.pm: Permission denied at /usr/local/directadmin/plugins/comodo_waf/admin/index.pl line 3.
BEGIN failed--compilation aborted at /usr/local/directadmin/plugins/comodo_waf/admin/index.pl line 3.

These are the things that I have done:

yum install perl-CGI (also I did yum remove perl-CGI and yum install perl-CGI)

Change the perl permission: chmod +x /usr/bin/perl

but non is working.. any idea ?

Edit:

Ok now I understand that CGI.pm is outdated technology and seems like the installation perl on CentOS 8 doesn't include this CGI.pm file https://perlhacks.com/2015/12/long-death-cgi-pm/ . Maybe we don't have this solution anymore?

So, I also heard from the DA support that this plugin has lack of support and they are going to drop it soon because too many complains about it which has never been solved (just the plugin support not the rule sets)

Good news to DA users, the new version of Directadmin will include a native MOD SECURITY UI but still use comodo ruleset. It has been release in the pre-release here: https://www.directadmin.com/features.php?id=2822

[Cwaf_Team]

unfortunately cwaf plugin available only in standalone mode

[RAPIDENET]

since fews days or fews weeks all directadmin server in the world cannot install or update comodo waf

look this topic :

https://forum.directadmin.com/threads/version-of-cwaf-rules-not-found-in-versions-cwaf-txt.63527/

why ?

[peterl]

Is this product dead?