Hi guys,
I want to begin by saying that I'm really satisfied with the WAF Comodo rules that I have installed. They have made my server much more secure than before.
My issue with Comodo WAF is that I have products that contain the product name Curl, and when my customers search for it with the search engine or visit the product page, the WAF Comodo blocks them with a 403 because of the rule below.
I don't know how to fix this and I'm worried about removing the rule, since it is for “COMODO WAF: System Command Injection”. Please advise.
SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|XML:/*|!ARGS:/body/|!ARGS:/content/|!ARGS:/description/|!ARGS:Post|!ARGS:desc|!ARGS:text|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/pk_ref/|!ARGS:command "(?i:/cc(?:$|[\t\n\r \"'-;|])|(?:\b(curl|wget)|[;|][^a-zA-Z0-9]{0,}?\bcc)\b)" \
	"id:211000,rev:2,chain,msg:'COMODO WAF: System Command Injection',phase:2,severity:2,capture,block,setvar:'tx.points=+%{tx.points_limit4}',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:'auditLogParts=+E',t:'none',t:'normalisePath'"
SecRule REQUEST_FILENAME "!@contains /ajax.php/imp/sendmessage" \
	"t:'none',t:'lowercase',t:'normalisePath'"
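
To see exactly which requests rule 211000 fires on, the following added example (not part of the original post and not Comodo's code) replays the rule's regex and its ARGS exclusion list over a few constructed requests. It assumes argument names are compared case-insensitively, ignores the cookie and XML targets and the `normalisePath` transformation, and uses hypothetical parameter names such as `q`.

```python
import re

# Operator regex copied from rule 211000 as posted above.
RULE_RE = re.compile(
    r"""(?i:/cc(?:$|[\t\n\r "'-;|])|(?:\b(curl|wget)|[;|][^a-zA-Z0-9]{0,}?\bcc)\b)""")

# ARGS exclusions from the rule's target list: the /x/ entries are regexes on
# the argument name, the others are literal argument names.
EXCLUDED_REGEX = [re.compile(p, re.I) for p in ("body", "content", "description")]
EXCLUDED_NAMES = {"post", "desc", "text", "command"}
CHAIN_EXEMPT_PATH = "/ajax.php/imp/sendmessage"


def arg_value_inspected(name, extra_excluded=()):
    """True if the value of ARGS:<name> is still in the rule's target list."""
    lowered = name.lower()  # assumption: names compared case-insensitively
    if lowered in EXCLUDED_NAMES or lowered in {n.lower() for n in extra_excluded}:
        return False
    return not any(rx.search(name) for rx in EXCLUDED_REGEX)


def rule_hits(path, args, extra_excluded=()):
    """Return (variable, matched_text) pairs, mirroring the rule's logdata."""
    if CHAIN_EXEMPT_PATH in path.lower():  # chained REQUEST_FILENAME condition
        return []
    hits = []
    for name, value in args.items():
        m = RULE_RE.search(name)  # ARGS_NAMES has no exclusions in the rule
        if m:
            hits.append(("ARGS_NAMES:" + name, m.group(0)))
        m = RULE_RE.search(value) if arg_value_inspected(name, extra_excluded) else None
        if m:
            hits.append(("ARGS:" + name, m.group(0)))
    return hits


# Constructed requests; paths and parameter names are hypothetical.
SAMPLES = [
    ("/search.php", {"q": "Curl Defining Cream"}),   # product search: blocked
    ("/search.php", {"q": "curly hair brush"}),      # no \b after "curl": passes
    ("/product.php", {"desc": "Curl Defining Cream"}),  # excluded target: passes
    ("/search.php", {"q": "shampoo; curl example.invalid"}),
]

if __name__ == "__main__":
    for path, args in SAMPLES:
        print(path, args, "->", rule_hits(path, args) or "no match")
    print("with q excluded:", rule_hits(*SAMPLES[3], extra_excluded=["q"]) or "no match")
```

The last line shows the trade-off of a per-parameter exclusion: the product name stops matching, but so does everything else sent in that parameter. In ModSecurity 2.x such an exclusion is written with `SecRuleUpdateTargetById`, for example `SecRuleUpdateTargetById 211000 "!ARGS:q"` with the site's real search parameter in place of the hypothetical `q`.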