Free mod_security rules!

[Melih]

Click here to get Free Modsecurity rules

Web hosting industry is an important industry for Comodo.
Protecting web sites is an important function as attacks against websites increase and not only are the businesses running these websites are under attack, but visitors who use these websites are also vulnerable due to compromised web servers and web sites.

Mod_sec is a decent platform but without signatures/rules its not much use (ModSecurity™ is a web application firewall engine that provides very little protection on its own. In order to become useful, ModSecurity™ must be configured with rules)](ModSecurity™ is a web application firewall engine that provides very little protection on its own. In order to become useful, ModSecurity™ must be configured with rules)

There were some free mod_sec rules in the past that did a good job, albeit delayed it was decent, but it no longer is available. (Please note that Atomicorp no longer provides a free delayed version of its ModSecurity Rule set.)

Comodo is a company who sees the threat on daily basis on both sides of the fight, consumer side and business side. We see it in the consumer side because we protect tens of millions of users using our Antivirus products. We see it on the business site because we monitor and protect businesses and their website with products like www.hackerguardian.com and www.webinspector.com.

So, this puts Comodo in the position of most capable company who can produce the mod_sec rules and do so very effectively. And here we are, we decided to build the infrastructure and provide mod_sec rules for FREE! (there might be different variation in future but we will always provide some free version so that you can be secure).

Here is our promise to you: We will work with you to protect your web sites and web servers! Talk to us about problems/attacks you are facing and let us provide you mod_sec rules for free to protect yourself.

you can go ahead and get your mod_sec rules for free at http://modsecurity.comodo.com/

Free Mod_security Rules blog

cheers

Melih

[attachment deleted by admin]

[Melih]

BTW...

We are more than happy to focus on specific attack vectors,  and create custom virtual patches for these vulnerabilities.

So talk to us about these and we'll be more than happy to create these...(for free)...

Melih

[w-e-v]

One I install it, will it protect all my websites hosted under the same server, or do I have to create rules for each website?

[idem]

It will work for all sites on server by default, but you can limit it to specific sites if you want.

[George_Fusioned]

One I install it, will it protect all my websites hosted under the same server, or do I have to create rules for each website?

In case this is for cPanel, there's a great tool called ConfigServer ModSecurity Control (cmc) which allows you to control the domains you wish to protect (or not) with mod_security as well as see the mod_security logfile with detailed information about each entry. Additionally you can edit the mod_security conf files from there.

Check it out here: http://configserver.com/cp/cmc.html

[w-e-v]

Thank you both for your reply. I will give it a try.

[platinumservermanagement]

This is really great that comodo is providing a free set of modsecurity rules. Just wondering, how often are the rules updated? and how strict are they (will they cause a lot of false alarms with common scripts like WP, Joomla, etc)?

Thanks!

[Melih]

This is really great that comodo is providing a free set of modsecurity rules. Just wondering, how often are the rules updated? and how strict are they (will they cause a lot of false alarms with common scripts like WP, Joomla, etc)?

Thanks!

We have over 70M users with our Free antivirus products and FP is an important thing to watch for them too. Our AV labs are well trained to "hate FPs" .
Of course nothing is 100% and the key is, our AV labs guys are present here in this forum 24/7. If you get any FP, you can report via the application or come here and tell us, we'll see to it immediately and release patch.
How fast are the updates? As fast as a new vulnerability is found. We are constantly watching any new vulnerability, the second we find out, is the second we start writing the rules.

Our job is to protect you and your business.

Melih

[Melih]

we will have the new version of cpanel plugin available early next week! HURRAY

[Julien-WebTalkPRO]

Great! 0.32 btw are pretty smooth so far. 

[Melih]

Great! 0.32 btw are pretty smooth so far. 

Thanks Julien, good to hear.

I think the rules are pretty smooth now (thanks to you guys!).

New cpanel plugin will be released early next week and we hope it will be working nicely too...

then the work is about creating the fastest modsec rules...offer highest security with the least cpu cycles!

cheers

Melih

[Melih]

The latest version is now released.

Cpanel plugin supports the latest cpanel version and all seems to be working nicely (fingers crossed).

you can now install free modsecurity rules using our Comodo cpanel plugin at waf.comodo.com

please let us know if we can help in any way.

[Julien-WebTalkPRO]

1.0 cPanel Plugin working good so far. Nice!

[Melih]

1.0 cPanel Plugin working good so far. Nice!

hurray thanks for the confirmation Julien!

[w-e-v]

I want to give this a try, but I have 3 concise questions:

1. If I am running another panel other than cPanel, can I still use the Agent? If "yes", how can I access the WAF panel to manage and update the rules?
2. How can I apply the rules to only a few specific websites (virtual hosts), instead of ALL the websites?
3. Is there a tool or online service that can be used to do an "attack" and see Comodo WAF in action?


Thank you very much. I am very interested in this product.