cPanel 11.48 plans?

cPanel 11.48, with its ModSecurity overhaul and OWASP-based ruleset, is now in the release tier. Is Comodo planning to be listed as a rule vendor in the new setup?

I’m concerned about how we’re going to handle the update with Comodo WAF installed.

Wondering the same question.
We have updated all our cPanel servers now. And would like to add Comodo WAF as a Vendor? See picture.

[attachment deleted by admin]

Technically, we’ll be ready to support cPanel Vendor requirements this week. But I can’t say for sure when cPanel will add Comodo as a mod_security vendor; it will depend on agreements between the companies’ management.

Hopefully very soon!
We tried out the new cPanel 11.48 OWASP rule set and it causes loads of false positives, with clients unable to access or edit WordPress sites, and we couldn’t access WHMCS. Have now disabled the rule set.

If we don’t choose to use the cPanel-supplied rules, CWAF will continue to function as before, right? Or will the new Vendor stuff interfere with that?

When we disabled the cPanel OWASP rule set the CWAF rules worked as before. As I understand it, new rules add to the existing set, not replace them.


Yes, CWAF replaces the cPanel ModSecurity config with its own, so cPanel-supplied rules have no effect on it.
This cPanel ModSecurity config will be carefully restored after CWAF is uninstalled.
It means the user should choose either CWAF or cPanel-supplied rules. They can’t work together.

Any updates on this? I don’t think you need cPanel’s approval; you just have to create the YAML file online?! Or maybe I am wrong, but either way I cannot wait for this to be added. OWASP does have a lot of false positives, about 50-100 rules may need to be removed, but the new cPanel interface makes it very easy to disable rules one by one. At the end of the day I have decided to keep OWASP and wait for Comodo to create the cPanel ModSecurity Vendor functionality.

Technically, we are ready for this. All the cPanel ModSecurity Vendor requirements are done:

YAML files and packages have been released.

But cPanel may or may not add Comodo WAF as a ModSecurity Vendor. So, let’s wait for the result of the conversation between the business/product departments.

I just found out the hard way that cPanel moved ModSec’s persistent IP storage from /tmp/ip.pag to /var/cpanel/secdatadir/ip.pag in 11.48. If you are using Comodo’s brute force protection rules, you may want to set up a cron job to delete this file every now and then. If it grows too large you’ll suddenly get hit with high server loads and poor performance. Had the file grow to 13GB during a large brute force attack that rendered ModSec ineffective.

Hi, /var/cpanel/secdatadir/ip.pag is 47,640KB. Can I just delete this, or is it not big enough yet?

Interesting article about this problem:

Also you can try to use the SecCollectionTimeout parameter to optimize ip.pag size, or even try this utility to ‘shrink’ the collection:
GitHub - SpiderLabs/modsec-sdbm-util: Utility to manipulate SDBM files used by ModSecurity. With that utility it is possible to shrink SDBM databases. It is also possible to list the SDBM contents with filters such as: expired or invalid items only.
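The cron-style cleanup suggested above, sketched as an added example that is not part of any post in this thread and is not Comodo's or cPanel's code. The function names, the `--cron` switch and the 1 GiB threshold are assumptions; the path is the one given in the thread, and the script removes the SDBM `.dir` index together with the `.pag` data file so the pair stays consistent.

```shell
#!/bin/sh
# Added example: cap the size of ModSecurity's persistent "ip" collection.
# SECDATADIR is the 11.48 location quoted in the thread; MAX_BYTES is an
# assumed threshold, tune it for your own server.
SECDATADIR="${SECDATADIR:-/var/cpanel/secdatadir}"
MAX_BYTES="${MAX_BYTES:-1073741824}"   # 1 GiB (assumption)

# collection_size FILE -> prints apparent size in bytes, 0 if FILE is missing
collection_size() {
    if [ -f "$1" ]; then
        wc -c < "$1" | tr -d ' '
    else
        echo 0
    fi
}

# prune_collection DIR NAME MAX
# Returns 0 if the collection exceeded MAX bytes and was removed,
# 1 if it was left alone.
prune_collection() {
    dir=$1; name=$2; max=$3
    pag="$dir/$name.pag"
    size=$(collection_size "$pag")
    if [ "$size" -le "$max" ]; then
        return 1
    fi
    # An SDBM database is a pair of files: NAME.pag (data) and NAME.dir
    # (index). Remove both; ModSecurity recreates them on the next write.
    rm -f -- "$pag" "$dir/$name.dir"
    echo "pruned $pag ($size bytes > $max)" >&2
    return 0
}

# Only act when called explicitly, e.g. from cron:
#   */30 * * * * /usr/local/sbin/prune-modsec-ip.sh --cron
if [ "${1:-}" = "--cron" ]; then
    prune_collection "$SECDATADIR" ip "$MAX_BYTES" || true
fi
```

Pruning discards all tracked per-IP state, including brute-force counters, so a shorter SecCollectionTimeout is the gentler first step and this script the backstop.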

I have been waiting for mod_sec today and was trying to add the Comodo rules to cPanel. I noticed that we can manually add a URL for a vendor’s YAML files to add their rules. I was going to try making my own to get the Comodo rules in, but based on the above it looks like this is done. Is it possible to get the YAML file so we can manually add it ourselves without waiting for cPanel to make a decision?


Sorry, but we are still waiting for a response from cPanel about this feature. We are not sure the current YAML file will be approved by cPanel, so they may request that we change something, e.g. vendor names or identifiers.

I hope that next week, if we don’t have any changes on this, we’ll post links to these YAML files and a how-to for adding Comodo rules to cPanel.

Tristan J. Wallace says: March 2nd, 2015 at 02:13 PM

Hello,

Comodo is not being investigated yet as a possible vendor (OWASP ruleset is the provided vendor at this time). In case 171041, the discussion was made that this would be best set as a feature request instead at location.

I put in a feature request with cPanel posted at Comodo WAF as a ModSecurity Vendor

I hope this helps.

While cPanel checks whether to add CWAF as a vendor, is there any chance you could provide the information needed here to add you as a vendor in WHM?

Sounds like with that information you can add you into WHM and activate your rules.


I would like to see the same, more variety and participation from multiple mod security rule vendors – it doesn’t even require cPanel to do anything more. Any rule provider can set up the necessary vendor URL without cPanel involvement; I don’t understand why Comodo may be delaying this under seemingly false pretenses that it somehow requires official addition to cPanel & WHM.

Please see the latest information about this question here: