Free mod_security rules!

[vadim]

1. If I am running another panel other than cPanel, can I still use the Agent? If "yes", how can I access the WAF panel to manage and update the rules?

Yes, you may install standalone scripts:

Cpanel installation hasn't been found.
You may install standalone scripts.

Continue installation [y/n]:

In that case you will be able to access:

• console update script, e.g. path /opt/cwaf/scripts/updater.pl
• WAF web interface: https://waf.comodo.com

See more here:
https://waf.comodo.com/doc/Comodo_Web_Application_Firewall_Quick_Start_Guide.pdf
https://waf.comodo.com/doc/Comodo_Web_Application_Firewall_Admin_Guide.pdf

2. How can I apply the rules to only a few specific websites (virtual hosts), instead of ALL the websites?

If you don't use cPanel with CWAF plugin, you need to edit Apache configuration files.

See example of solution here: http://serverfault.com/questions/487329/enable-mod-security-for-only-one-website

3. Is there a tool or online service that can be used to do an "attack" and see Comodo WAF in action?

Basically, you may use web-browser to send some hackers requests, trying SQL injection or XSS. Or try to use some kind of vulnerability scanner, like Comodo Hacker Guarduan: http://www.hackerguardian.com/

[designcentre]

Found CPanel installation.
Continue installation [y/n]: y
Path to perl packages
PERL - /usr/local/cpanel/3rdparty/bin/perl
CPAN - /usr/local/cpanel/3rdparty/perl/514/bin/cpan

Check perl dependencies...      [OK]
Check Apache HTTP installation...        [OK] (2.2)
Check Mod_Security installation...      [OK]
Decompress Comodo WAF package.../usr/bin/tail: cannot open `..//root/cwaf_client_install.sh' for reading: No such file or directory

gzip: stdin: unexpected end of file
/bin/tar: Child returned status 1
/bin/tar: Error is not recoverable: exiting now
        [OK]

Enter CWAF connection data
--------------------------

Enter CWAF user: xxxxxxxxxxxxx
Enter CWAF password: xxxxxxxxxxxxx
Prepare Comodo WAF configuration...
Comodo WAF Perl modules package not found.
Installation aborted

[httpEasy]

Found CPanel installation.
Continue installation [y/n]: y
Path to perl packages
PERL - /usr/local/cpanel/3rdparty/bin/perl
CPAN - /usr/local/cpanel/3rdparty/perl/514/bin/cpan

Check perl dependencies...      [OK]
Check Apache HTTP installation...        [OK] (2.2)
Check Mod_Security installation...      [OK]
Decompress Comodo WAF package.../usr/bin/tail: cannot open `..//root/cwaf_client_install.sh' for reading: No such file or directory

gzip: stdin: unexpected end of file
/bin/tar: Child returned status 1
/bin/tar: Error is not recoverable: exiting now
        [OK]

Enter CWAF connection data
--------------------------

Enter CWAF user: xxxxxxxxxxxxx
Enter CWAF password: xxxxxxxxxxxxx
Prepare Comodo WAF configuration...
Comodo WAF Perl modules package not found.
Installation aborted

I encountered the same issue. Would it help to change the script

if [ ! -r Comodo-CWAF.tar.gz ]; then
    echo -e "\nComodo WAF Perl modules package not found."
    do_exit 1
  fi
           
  $TAR_BIN -zxf Comodo-CWAF.tar.gz

and rename all instances of the package name to cwaf_rules-0.3x.tgz?

[vadim]

I encountered the same issue. Would it help to change the script

Hello

Seems you started installation script from another directory.

Please try to change directory before starting script, e.g.


cd /root
bash cwaf_client_install.sh


Documentation and installation instructions will be expanded in the near future.

[Valentin N]

very interesting! As I will learn to webprogram this might be very very useful as well as helpful tool. Great done!

[httpEasy]

Hello

Seems you started installation script from another directory.

Please try to change directory before starting script, e.g.


cd /root
bash cwaf_client_install.sh

Nope. I ran it from root and the error occurred after connecting to waf. Anyway, now it seems to work.

[designcentre]

Hello

Seems you started installation script from another directory.

Please try to change directory before starting script, e.g.


cd /root
bash cwaf_client_install.sh

I was exactly the same I started the script as per instructions from root folder...but all good this morning & installed nicely onto the cPanel server. Now to keep an eye on the logs - Thanks again

Documentation and installation instructions will be expanded in the near future.

[Je1te]

Thanks Comodo for offering this service for free! The admin guide of the WAF states "Currently CWAF is designed for and has been tested on Apache on Linux servers. The firewall versions for other server types are coming shortly. ". Does anyone know about the compatibility of the rules with nginx? And is there a chance that the rules will also be tested on nginx in the future?

[pgzn]

To quote the VP, this is a huge f-ing deal. Glad I found this after a year of occasional searching. Gotroot left low margin hosts to the wolves with no warning.

[Melih]

Thanks Comodo for offering this service for free! The admin guide of the WAF states "Currently CWAF is designed for and has been tested on Apache on Linux servers. The firewall versions for other server types are coming shortly. ". Does anyone know about the compatibility of the rules with nginx? And is there a chance that the rules will also be tested on nginx in the future?

one by one we are testing with it all. next is litespeed, then nginx.

[Je1te]

one by one we are testing with it all. next is litespeed, then nginx.

That's good news, thanks!

[pthirose]

First, thank you for providing this.  Finding a good set of baseline rules that don't create a bunch of false neg/pos is always difficult.

Are most of you switching from OWASP CRS to Comodo or are you starting new?  I'm curious how the Comodo ruleset compares to the CRS.  There is a separate post comparing performance against commercial/paid rules, and I thought it interesting there was a column for "no rules" (why run mod_security w/out rules?).

However, I'm more interested in comparing against CRS.  IMO, CRS is sorta the baseline, especially in the free realm.

I'm new to this.  I'm not running cPanel or anything, just straight-up Apache 2.2.x and mod_security 2.8.  Until now, I was just using CRS/2.2.9.

If anyone has any opinion on Comodo free rules vs the OWASP CRS rules, I'd greatly appreciate hearing your take on both.

Thank you,
PH

[mommaroodles]

Hello

I also have Mod Security 2.8 and I get warning message after starting the installation saying that it had not been tested with mod security 2.08 - now I'm wondering, is it ok to install despite the warning message or do I use the OWASP rules.

I'd appreciate it if someone could please tell me if its ok to use with Mod Security 2.8.

[akabakov]

Modsecurity 2.8.0 works with Comodo rules.

[crownhost]

Hi,
Are these just the core rules or Comodo's own rules?
Can anyone here using these rules on a cpanel server comment on their usefulness please?