Comodo Rules and ConfigServer CMC

Hello,

Anyone managed to get the Comodo plugin and rules working with ConfigServer CMC?

I dont seem to be able to exclude rules in CMC globally or for a domain. I have added the rule to CMC to exclude it but doesnt seem to take effect on whitelisting it.

Thanks

Steve

ConfigServer CMC writes exclude list to /usr/local/apache/conf/modsec2.whitelist.conf

Comodo rules management was not tested with ConfigServer CMC, but you may try to include CMC exclude list to /usr/local/apache/conf/modsec2.conf

Include "/var/cpanel/cwaf/etc/cwaf.conf" Include "/usr/local/apache/conf/modsec2.whitelist.conf"

Hello,

Thanks, I have included Include “/usr/local/apache/conf/modsec2.whitelist.conf” in /usr/local/apache/conf/modsec2.conf

And seems to have done the trick I hope, Its just easier to disable a rule for one domain and safer than, doing it globally.

Any plans to include disabling rules for individual domains in the future?

Thanks

Steve

Yes, we plan to expand plugin with a catalogue of rules and ability to exclude rules per virtual domain.

Is there any way to globally disable WAF for one specific domain, using the cPanel plugin? I can only see a way to disable a category. I need to be able to disable ALL rules per vhost, like you could with CMC before. Thanks!

We would like to start using Comodo WAF on a VPS with CloudLinux, cPanel/WHM, WHMCS, Installatron and (important!) also Litespeed but have problems understanding the exact requirements and which steps to follow.

Assuming that Comodo WAF requires ModSecurity we rebuilt Apache/php in WHM/cPanel with EasyApache so it now includes ModSecurity.

Question 1: Is the right ? Or do we need to rebuild through EasyApache without Modsecurity.

As a result we now see in WHM ( the main control panel of cPanel) under the plugin section: the Easy Apache Mod_Security Module
( more info at: http://docs.cpanel.net/twiki/bin/view/AllDocumentation/EasyapacheModsecurity ).

Question 2: What do we need to enter or do in this WHM Easy Apache Mod_Security Module interface ?

On our VPS we had ( and still ) have ConfigServer Firewall installed as a firewall solution ( however so far without any add-ons: so no Configserver ModSecurity Control (cmc):
( more info on this: ConfigServer Modsecurity Control (cmc) – ConfigServer Services ).

Question 3: Can we continue using the Configserver Firewall or should we de-install it or alternatively install should we install the Configserver Modsecurity Control (cmc) for WHM/cPanel. In general what do we need to do ?

After adding Modsecurity through EasyApache Litespeed the following apparently ModSecurity related warning message showed up:

ERROR [ModSecurity] unknown server variable while parsing: MULTIPART_STRICT_ERROR

Litespeed gave us a reassuring - but general answer without any specifics - to this error message and Litespeed’s overall suitability for Comodo WAF:

Simultaneously ( although we can not confirm the cause ) the scanning functionality of Wordfence plugin in a few WordPress sites ceased to function normally after changing to Litespeed. It kept running endlessly and fails to complete. Strangely the Wordfence scanner works properly once we revert back to Apache…

http://www.webhostingtalk.com/showthread.php?t=1369769

After reading the above and researching we now understand that it might be better to stop using Wordfence altogether and instead go for the Comodo WAF, mod_security and CloudFlare route and combined solutions hence or questions on this forum.

Ideally including Litespeed …

We understand that Comodo WAF serves up the correct rules for Modsecurity also suitable for Litespeed.

But we have problems understanding the following vague instructions for Litespeed:

We also found the following confusing information on Modsecurity and Comodo WAF:

https://forums.comodo.com/free-modsecurity-rules-comodo-web-application-firewall-b223.0/-t101219.0.html

In the interest of many not so experienced WHM/cPanel users can we please get clear instructions on how to deploy Comodo WAF and Litespeed …

  1. Yes, it’s right. You don’t need to rebuild anything through EasyApache without Modsecurity.
  2. Dowload our installer

[b]wget Free ModSecurity Rules from Comodo

and run the next command:

bash cwaf_client_install.sh

to install rules and scripts. All files will be installed in /var/cpanel/cwaf. To update rules you can run /var/cpanel/cwaf/scripts/updater.pl. Also in your WHM in a section Plugins will be a subsection Comodo WAF, where you can manage your settings and make client and rules update.

  1. Comodo rules management was not tested with ConfigServer CMC, but there is no need to install Configserver Modsecurity Control (cmc) for WHM/cPanel.

“ERROR [ModSecurity] unknown server variable while parsing: MULTIPART_STRICT_ERROR” is expained by using apache ruleset for mod_security.