Comodo WAF "Curl" issue

Hi guys,
I want to first begin with saying that im really satisfied with the WAF Comodo rules that I have installed. They have made my server much more secured then before.

My issue with Comodo WAF is that I have products that contains the product name Curl and when my customers search for it by the search engine or visit their product page the WAF Comodo blocks them 403, because of the rule below?

I dont know how to fix this and Im worried of removing the rule, since it is for “COMODO WAF: System Command Injection”. Please advice.

SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|XML:/*|!ARGS:/body/|!ARGS:/content/|!ARGS:/description/|!ARGS:Post|!ARGS:desc|!ARGS:text|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/pk_ref/|!ARGS:command "(?i:/cc(?:$|[\t\n\r "'-;|])|(?:\b(curl|wget)|[;|][^a-zA-Z0-9]{0,}?\bcc)\b)"
“id:211000,rev:2,chain,msg:‘COMODO WAF: System Command Injection’,phase:2,severity:2,capture,block,setvar:‘tx.points=+%{tx.points_limit4}’,logdata:‘Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}’,ctl:‘auditLogParts=+E’,t:‘none’,t:‘normalisePath’”
SecRule REQUEST_FILENAME “!@contains /ajax.php/imp/sendmessage”

Please provide modsecurity audit log for this event.

please check below,

[Sun Apr 24 17:52:36.789205 2016] [:error] [pid 21538] [client] ModSecurity: Access denied with code 403 (phase 2). Match of “contains /ajax.php/imp/sendmessage” against “REQUEST_FILENAME” required. [file “/home/httpd/soass/cwaf/01_Global_Generic.conf”] [line “14”] [id “211000”] [rev “2”] [msg “COMODO WAF: System Command Injection”] [data “Matched Data: curl found within REQUEST_FILENAME: /index.php”] [severity “CRITICAL”] [hostname “”] [uri “/index.php”] [unique_id “VxzrxE9jBwIAAFQiuDMAAAAj”]

I changed hostname to .


It isn’t audit.log. In general you should follow this procedure:

Please note the Forum is up to date info below from admin page, sorry we have been informed there is a problem with updating the text.

Thank you

Version Information:
Forum version: SMF 2.0.12
Current SMF version: SMF 2.0.12