CWAF CPanel Plugin Latest 1.6 - Error

xanubi · June 2, 2014, 4:09pm

When i turn off GLOBALLY one rule, it doesn’t work, modsecurity continues blocking with that rule.

I’ve GLOBALLY turned off 210700, restarted apache, nothing happens, it still blocks with that rule like if the rule is ON.

What should i do, remove it from the .conf file??

TDmitry · June 2, 2014, 5:08pm

As option you can delete that rule at this moment. It will be removed with next update.

xanubi · June 2, 2014, 5:14pm

TDmitry,

THank you.

This happens on all rules that i want to remove globally or on vhosts.
Will the next update fix that?

oleg.tsygany · June 3, 2014, 10:04am

Hi xanubi

Can you please run this test for us?

Turn off rule 211580 globally and try to send this test request in browser:
http://YOUR.SITE.COM/?a=b%20AND%201=1

Where YOUR.SITE.COM is address of your site.

If CWAF works correctly you shouldn’t get 403 Forbidden error message.
Thanks in advance.

xanubi · June 4, 2014, 11:13am

Hi Oleg,

With that rule, it worked, after turned off, the url you gave (with my site) didnd’t block (no 403).

But that doesn’t happen with some other rules, i repeat the text for 210700 and it continues to block, and 210700 is turned off globally.

oleg.tsygany · June 4, 2014, 4:21pm

Hi xanubi

It possible this is not 210700 blocking… To know for sure check Apache error/audit logs.

xanubi · June 5, 2014, 4:26pm

Hi already checked before posting.

The only way, was removing that rule from the .conf file.

mommaroodles · June 5, 2014, 6:32pm

Hi Everyone

I’ve just recently found out about the CWAF plugin or cpanel. I’ve registered at the forum because I had a very relevant question to ask about the plugin. I may have posted it in the wrong section - but it was in the forum relating to the plugin but a little while later after posting my question, I returned to the forum to see if there perhaps was an answer and now cannot find any record of my post anywhere, leaving me to think it has been deleted. I just wonder why!

I initialised the install process using # bash and received a warning that the plugin had not been tested with Mod Security version 2.8.0 - surely this would be a concern for anyone and reason enough to want to find out if anyone else has perhaps installed with on CentOS 6.5 86_64 with Mod Security 2.8.0 installed via Easy Apache. Cpanel version 11.42.1 (build 16).

Does anyone perhaps know if this plugin works successfully with Mod Security 2.8.0 ?

brijendrasial · June 5, 2014, 9:34pm

It works very fine. You can install without any worry

akabakov · June 6, 2014, 11:53am

We have tested modsecurity 2.8.0 and have not found any critical errors. So modsecurity 2.8.0 can be used with our rules.

mommaroodles · June 6, 2014, 5:04pm

Ah Thank You for the reply - I’m still new at this and have set up new vps, I dont at this point want to break anything