Comparison of Comodo Free Modsec rules vs Paid competitors

Check out the comparison test between the free Comodo ModSecurity rules and paid competitors' ones.

Good to see Comodo doing so well. :slight_smile:

Without wanting to burst anyone’s bubble, it would be interesting to also note how many active rules Comodo’s WAF has implemented vs the other available rulesets out there. It goes without saying that half the rules will normally be processed twice as fast.

I mention this because my team has just spent the last 2 weeks debugging a relentless performance problem affecting one of our servers currently using Comodo's WAF, only to find that the WAF itself was causing the slowdown. Apache load per process would spike up on this server by as much as 20x what it should, bringing the server to a crawl. Disabling the WAF without touching anything else lowered load on that server by at least 80%.

While this particular scenario tends to be more the exception than the rule (the WAF is running on dozens of other servers so far with negligible apparent overhead), in addition to the actual performance it would be useful to know the effectiveness of the platform at blocking threats. Only then can we have a sensible discussion of the platform's effectiveness vs other available solutions.

The number of rules depends on which applications/services you have on the server.
There is no point in putting in a rule that doesn't apply to apps/services that you have. This capability on its own, which is what Comodo WAF provides, creates a much more optimized experience.

So the key is:

Which apps/services are running on that server
How many vulnerabilities each one of these has
How many of these vulnerabilities the WAF covers

We focused on having exactly, and only exactly, what the server needs rather than putting all 25,000 rules on each server and taking up unnecessary resources.

So, if there are vulnerabilities we haven’t covered, we would love to hear about them so that we can protect you immediately.

Is there any feature in CWAF to let it know automatically which rules apply to each web server (depending on the apps/services running) and ignore the rest that do not apply?
I mean, something like a pre-scan to let the admin know which rules can be applied, instead of applying the full rule packages?

Or does this have to be done manually by the admin, applying specific rules for the specific apps/services running?
That approach would require the admin to have some serious knowledge of the subject.
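The two posts above (Comodo's point that only rules matching the installed apps should be loaded, and the question of whether that selection can be automated) can be illustrated with a small script. This is an added example, not Comodo's or CWAF's code, and it makes two assumptions that are not from the thread: that app-specific rules carry a tag of the form `APP/<NAME>` (everything else is treated as generic), and that each application can be recognised from a few of its default files under the docroot (`configuration.php` and `administrator/index.php` for Joomla, `wp-config.php` and `wp-includes/version.php` for WordPress, `sites/default/settings.php` for Drupal). The sample rule file is constructed for the demo; it is not a real Comodo ruleset. The parser joins backslash-continued SecRule lines, counts rules by tag (answering the "how many active rules" question for any ruleset you feed it) and returns only the rules relevant to the apps found.

```python
"""Count ModSecurity rules per application tag and keep only the subset that
applies to the web applications actually present under a docroot.

Added example (not Comodo's code). Assumptions: app-specific rules are tagged
tag:'APP/<NAME>'; untagged or GENERIC rules apply to every site; each app is
recognised by a few of its default files in the docroot.
"""
import re
from collections import Counter
from pathlib import Path

# Constructed sample ruleset in SecRule syntax (not a real Comodo rule file).
SAMPLE_RULES = r'''
# Generic rules: apply to any site
SecRule REQUEST_HEADERS:User-Agent "@pm nikto sqlmap" \
    "id:900001,phase:1,deny,status:403,t:lowercase,tag:'GENERIC',msg:'Scanner user agent'"
SecRule ARGS "@rx (?i)union\s+select" \
    "id:900002,phase:2,deny,status:403,t:none,tag:'GENERIC',tag:'SQLi',msg:'SQL injection'"

# Joomla-specific rules
SecRule ARGS:option "!@rx ^com_[a-z0-9_]+$" \
    "id:910001,phase:2,deny,status:403,t:none,tag:'APP/JOOMLA',msg:'Malformed Joomla option'"
SecRule REQUEST_URI "@beginsWith /administrator/" \
    "id:910002,phase:1,chain,deny,status:403,tag:'APP/JOOMLA',msg:'Joomla admin from outside 192.0.2.0/24'"
    SecRule REMOTE_ADDR "!@ipMatch 192.0.2.0/24"

# WordPress-specific rule
SecRule REQUEST_URI "@beginsWith /xmlrpc.php" \
    "id:920001,phase:1,deny,status:403,tag:'APP/WORDPRESS',msg:'xmlrpc.php disabled'"
'''

ID_RE = re.compile(r"\bid:'?(\d+)'?")
# tag:'quoted value' or tag:unquoted_value
TAG_RE = re.compile(r"\btag:(?:'([^']*)'|([^,\"' ]+))")
APP_TAG_PREFIX = "APP/"

# Assumed marker files per application (relative to the docroot).
APP_MARKERS = {
    "JOOMLA": {"configuration.php", "administrator/index.php"},
    "WORDPRESS": {"wp-config.php", "wp-includes/version.php"},
    "DRUPAL": {"sites/default/settings.php"},
}


def _logical_lines(text):
    """Yield directives with backslash-continued lines joined; skip comments."""
    buf = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf.append(line[:-1].rstrip())
            continue
        buf.append(line)
        yield " ".join(buf)
        buf = []
    if buf:
        yield " ".join(buf)


def parse_rules(text):
    """Return one dict per SecRule that carries an id (chained continuation
    rules have no id of their own and belong to the preceding rule)."""
    rules = []
    for directive in _logical_lines(text):
        if not directive.startswith("SecRule"):
            continue
        m = ID_RE.search(directive)
        if not m:
            continue
        tags = {quoted or bare for quoted, bare in TAG_RE.findall(directive)}
        rules.append({"id": int(m.group(1)), "tags": tags, "directive": directive})
    return rules


def count_by_tag(rules):
    """Active rule count per tag; a rule with several tags counts in each."""
    counts = Counter()
    for rule in rules:
        counts.update(rule["tags"])
    return dict(counts)


def select_rules(rules, installed_apps):
    """Keep generic rules plus rules tagged for an installed application."""
    wanted = {APP_TAG_PREFIX + app for app in installed_apps}
    kept = []
    for rule in rules:
        app_tags = {t for t in rule["tags"] if t.startswith(APP_TAG_PREFIX)}
        if not app_tags or app_tags & wanted:
            kept.append(rule)
    return kept


def detect_apps_from_paths(relative_paths):
    """Apps whose marker files are all present in the given relative paths."""
    present = set(relative_paths)
    return {app for app, markers in APP_MARKERS.items() if markers <= present}


def detect_apps(docroot):
    """Walk a real docroot and detect the applications installed in it."""
    root = Path(docroot)
    rel = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    return detect_apps_from_paths(rel)


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    print(f"{len(rules)} rules total; per tag: {count_by_tag(rules)}")
    # Constructed file listing standing in for a Joomla docroot.
    apps = detect_apps_from_paths({"index.php", "configuration.php", "administrator/index.php"})
    keep = select_rules(rules, apps)
    print(f"apps detected: {sorted(apps)}; rules kept: {[r['id'] for r in keep]}")
```

On a real host, `detect_apps("/var/www/html")` replaces the constructed listing, and the kept directives can be written to a file that Apache pulls in with an `Include`, so the WordPress rules never run on a Joomla-only server. Tag-based selection only works if the ruleset's tags are consistent, which is the first thing to verify with `count_by_tag` on any ruleset you are evaluating.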

Joomla script plugins, these ones (they're serious, I see hundreds daily on just one server):

Google Maps plugin for Joomla

Second one (it's old, but there are lots and lots of Joomla sites using this version, because users don't update their Joomla):
COM_JCE Exploit