Author Topic: HUGE ip.pag Easyapache 3  (Read 594 times)

Offline oetaz

  • Newbie
  • *
  • Posts: 13
HUGE ip.pag Easyapache 3
« on: October 05, 2017, 03:11:33 AM »
Had an issue today with a really poorly performing Apache; a cPanel ticket found the following issue related to the Comodo WAF:

A recent update of the COMODO rules dramatically increased the amount of data this third-party vendor's rules input to this cache file.

I found that your server's ip.pag file was over 70G in size. In order to temporarily resolve this issue, I moved the current cache file out of the way (mv /var/cpanel/secdatadir/ip.pag{,.bak}) and restarted the Apache service. After which I watched your server for a time to confirm the load remained low and stable. Since we are constrained from removing customer data, I recommend removing this file if you do not want it restored.

Due to the changes in the COMODO rules, this will likely fill up the ip.pag file again in a short time. In order to prevent this we recommend disabling the COMODO vendor ruleset and using the cPanel provided OWASP rules.

Can you advise?
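
A size check for the collection files in the directory named in the ticket above, as an added example that is not part of the original post or of cPanel's reply. It assumes GNU `stat` and `du`; the function name `oversized_collections` and the 1 GiB threshold in the usage comment are hypothetical choices. It reports both apparent and allocated size because SDBM `.pag` files can contain holes, so the two figures may differ.

```shell
#!/bin/sh
# Added example: flag oversized ModSecurity collection files (*.pag / *.dir).
# The directory in the usage line is the one quoted in the ticket;
# the threshold is an assumption to tune per server.
#
# Usage from cron (alerting left to the caller):
#   oversized_collections /var/cpanel/secdatadir 1073741824 || echo "check secdatadir"

# oversized_collections DIR LIMIT_BYTES
# Prints "<file> apparent=<bytes> allocated=<bytes>" for each file whose
# apparent OR allocated size exceeds LIMIT_BYTES.
# Returns 0 when nothing is over the limit, 1 when something is,
# 2 when DIR does not exist.
oversized_collections() {
    dir=$1
    limit=$2
    [ -d "$dir" ] || return 2
    status=0
    for f in "$dir"/*.pag "$dir"/*.dir; do
        [ -f "$f" ] || continue             # unmatched glob stays literal
        apparent=$(stat -c %s "$f")         # length as ls -l reports it
        blocks_kb=$(du -k "$f" | cut -f1)   # space actually allocated on disk
        allocated=$((blocks_kb * 1024))
        if [ "$apparent" -gt "$limit" ] || [ "$allocated" -gt "$limit" ]; then
            printf '%s apparent=%s allocated=%s\n' "$f" "$apparent" "$allocated"
            status=1
        fi
    done
    return $status
}
```
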

Offline akabakov

  • Comodo's Hero
  • *****
  • Posts: 375
Re: HUGE ip.pag Easyapache 3
« Reply #1 on: October 05, 2017, 09:55:58 AM »
Hello, possibly it's due to some of the new rules. Please check these topics.

https://forums.comodo.com/free-modsecurity-rules-comodo-web-application-firewall/broken-update-t120671.0.html
« Last Edit: October 05, 2017, 11:25:32 AM by akabakov »

Offline vadim

  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 339
Re: HUGE ip.pag Easyapache 3
« Reply #2 on: October 05, 2017, 05:00:28 PM »
--
Vadim Lvovskiy
Development Manager
COMODO Group Inc.

Offline needsomehelp

  • Comodo Loves me
  • ****
  • Posts: 107
Re: HUGE ip.pag Easyapache 3
« Reply #3 on: December 30, 2017, 06:57:12 AM »
I don't use the plugin but the other. Can you tell me how to check what version, please? Also how to update them; I thought it was automatic.

Offline sbrazhnik

  • Newbie
  • *
  • Posts: 12
Re: HUGE ip.pag Easyapache 3
« Reply #4 on: January 04, 2018, 04:31:59 AM »
Hello,

There are two possible ways to use the Free ModSecurity Rules from Comodo with cPanel:
1. Activate COMODO as a cPanel ModSecurity vendor as described below:
https://help.comodo.com/topic-212-1-670-8350-deploying-comodo-ModSecurity-rule-set-in-cpanel.html

In this case, the rule-set is updated automatically to the latest version by cPanel on a daily basis.

2. Use the COMODO CWAF plug-in, in which case the rule-set and plug-in version updates should be triggered manually in cPanel. The currently installed versions can be checked in cPanel as well.
The detailed update process and version check descriptions are available at the link below:
https://help.comodo.com/topic-212-1-514-7944-.html

Important Note: cPanel ModSecurity Vendors are not compatible with CWAF plug-in. So, you can't use both in parallel for management of your protection rules. Also, don't activate both Comodo Rule Sets for Apache and LiteSpeed simultaneously to avoid conflicts.

Should you have any further questions, do not hesitate to ask.

Offline needsomehelp

  • Comodo Loves me
  • ****
  • Posts: 107
Re: HUGE ip.pag Easyapache 3
« Reply #5 on: January 04, 2018, 07:26:44 AM »
What's that got to do with my problem?

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 195
Re: HUGE ip.pag Easyapache 3
« Reply #6 on: January 04, 2018, 09:54:33 AM »
    Hello needsomehelp.
    You can find what the latest CWAF rules version is in the file "rules.dat", in the folder where the CWAF rules are located, or at the link:
https://waf.comodo.com/user/cwaf_revisions.
    The tip to use the CWAF plugin was about getting information when the latest CWAF rules or plugin update is released. You can also install the CWAF agent in standalone mode:
https://help.comodo.com/topic-212-1-514-5936-Linux---Installing-the-Agent-in-Standalone-Mode.html
After this you would be able to check the agent version, the installed and available rules versions, and the web platform; run:

/path_to CWAF/cwaf/scripts/updater.pl -v

    More information about the plugin, which could be very helpful, you can get at:
https://help.comodo.com/topic-212-1-514-8310-Command-Line-Utility.html
https://help.comodo.com/topic-212-1-514-5935-Linux---Installing-the-Agent-and-Control-Panel-Plugin.html

Kind regards.
