Author Topic: Wish List (Please post your wishes here)  (Read 14721 times)

Offline ISMark

  • Newbie
  • *
  • Posts: 3
Re: Wish List (Mod Security Configuration in Mod Security Configuration)
« Reply #60 on: December 19, 2017, 02:54:23 PM »
WordPress websites that use a builder plugin like Elegant Themes Divi, have sometimes not been working properly when using the builder. In most cases, the failure happens on pages with a lot of rich content, like slideshows. Unfortunately, even though the action is blocked by Mod Security, it doesn't trigger a rule notice. However, the error is recorded in the apache/logs/error_log file. The error also dissapears when disabling the Comodo WAF rules in WHM. The error that is being written to the error_log file is 'ModSecurity: Output filter: Response body too large (over limit of 524288, total not specified)'.

The fix I've used it to add these two lines to the apache/conf/modsec2.conf file:
  SecResponseBodyLimit 536870912
  SecRequestBodyInMemoryLimit 536870912

This changes the default limit from 512KB to 512MB, which may be overkill, but I haven't tested a lower limit yet.

After I add the change, the WAF Comodo > Security Engine tab,  displays this message in red:
Custom Mod Security configuration found!
Press "Update config" button to update it with values from this screen.
After update, backup of current configuration could be found in: /usr/local/apache/conf/modsec2.conf.custom


There are two problems that need to be addressed:
1. A webpage error caused by a Mod Security limitation is more difficult to determine because it doesn't report an error in the Mod Tools log.
2. Adding fields to customize the SecResponseBodyLimit and SecRequestBodyInMemoryLimit to the Security Engine settings would be helpful.

Problem 1 may be more difficult to implement, but problem 2 should be easier as there already are customizable settings for PCRE Match. And since the WAF Comodo control panel is reporting a custom configuration and asks to reset it to the default, this could inadvertently be set back to default by sysadmin that may not remember why the file is customized.

Please implement a solution to problem 2 asap, and if you could determine a way to track and report the 'Response body too large' error, it would make problem solving this issue much easier.

Thank you for looking into this!

Offline Billy Leeds

  • Comodo Member
  • **
  • Posts: 42
Re: Wish List (Please post your wishes here)
« Reply #61 on: December 19, 2017, 10:01:18 PM »
I'd like to be able to watch twitter video clips and play sounds from bandcamp.com.
I'd like this browser to stop closing if I leave my laptop for more than an hour. Means I have to reload extensions. Why can't you save them?
Just keep the browser open, if I'm not there...GRR

All this happening since the last update  -seriously getting pished off with this browser >:(

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 163
Re: Wish List (Mod Security Configuration in Mod Security Configuration)
« Reply #62 on: December 20, 2017, 12:14:56 PM »
WordPress websites that use a builder plugin like Elegant Themes Divi, have sometimes not been working properly when using the builder. In most cases, the failure happens on pages with a lot of rich content, like slideshows. Unfortunately, even though the action is blocked by Mod Security, it doesn't trigger a rule notice. However, the error is recorded in the apache/logs/error_log file. The error also dissapears when disabling the Comodo WAF rules in WHM. The error that is being written to the error_log file is 'ModSecurity: Output filter: Response body too large (over limit of 524288, total not specified)'.

The fix I've used it to add these two lines to the apache/conf/modsec2.conf file:
  SecResponseBodyLimit 536870912
  SecRequestBodyInMemoryLimit 536870912

This changes the default limit from 512KB to 512MB, which may be overkill, but I haven't tested a lower limit yet.

After I add the change, the WAF Comodo > Security Engine tab,  displays this message in red:
Custom Mod Security configuration found!
Press "Update config" button to update it with values from this screen.
After update, backup of current configuration could be found in: /usr/local/apache/conf/modsec2.conf.custom


There are two problems that need to be addressed:
1. A webpage error caused by a Mod Security limitation is more difficult to determine because it doesn't report an error in the Mod Tools log.
2. Adding fields to customize the SecResponseBodyLimit and SecRequestBodyInMemoryLimit to the Security Engine settings would be helpful.

Problem 1 may be more difficult to implement, but problem 2 should be easier as there already are customizable settings for PCRE Match. And since the WAF Comodo control panel is reporting a custom configuration and asks to reset it to the default, this could inadvertently be set back to default by sysadmin that may not remember why the file is customized.

Please implement a solution to problem 2 asap, and if you could determine a way to track and report the 'Response body too large' error, it would make problem solving this issue much easier.

Thank you for looking into this!

Hello ISMark. We will add your wishes in "to do" list. Also you can use SecResponseBodyLimitAction:
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#secresponsebodylimitaction
To determine web page which cause such error you can add custom rule:
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#OUTBOUND_DATA_ERROR
be careful with this, because logs can take whole disk space.

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 163
Re: Wish List (Please post your wishes here)
« Reply #63 on: December 20, 2017, 12:26:40 PM »
I'd like to be able to watch twitter video clips and play sounds from bandcamp.com.
I'd like this browser to stop closing if I leave my laptop for more than an hour. Means I have to reload extensions. Why can't you save them?
Just keep the browser open, if I'm not there...GRR

All this happening since the last update  -seriously getting pished off with this browser >:(

Hello Billy Leeds. This thread is for discussing Comodo Web Application Firewall, but not browser. Please, be more attentive.

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek