Free mod_security rules!

Click here to get Free Modsecurity rules

Web hosting industry is an important industry for Comodo.
Protecting web sites is an important function as attacks against websites increase and not only are the businesses running these websites are under attack, but visitors who use these websites are also vulnerable due to compromised web servers and web sites.

Mod_sec is a decent platform but without signatures/rules its not much use (ModSecurity™ is a web application firewall engine that provides very little protection on its own. In order to become useful, ModSecurity™ must be configured with rules)](ModSecurity™ is a web application firewall engine that provides very little protection on its own. In order to become useful, ModSecurity™ must be configured with rules)

There were some free mod_sec rules in the past that did a good job, albeit delayed it was decent, but it no longer is available. (Please note that Atomicorp no longer provides a free delayed version of its ModSecurity Rule set.)

Comodo is a company who sees the threat on daily basis on both sides of the fight, consumer side and business side. We see it in the consumer side because we protect tens of millions of users using our Antivirus products. We see it on the business site because we monitor and protect businesses and their website with products like and

So, this puts Comodo in the position of most capable company who can produce the mod_sec rules and do so very effectively. And here we are, we decided to build the infrastructure and provide mod_sec rules for FREE! (there might be different variation in future but we will always provide some free version so that you can be secure).

Here is our promise to you: We will work with you to protect your web sites and web servers! Talk to us about problems/attacks you are facing and let us provide you mod_sec rules for free to protect yourself.

you can go ahead and get your mod_sec rules for free at

Free Mod_security Rules blog



[attachment deleted by admin]


We are more than happy to focus on specific attack vectors, and create custom virtual patches for these vulnerabilities.

So talk to us about these and we’ll be more than happy to create these…(for free)…


One I install it, will it protect all my websites hosted under the same server, or do I have to create rules for each website?

It will work for all sites on server by default, but you can limit it to specific sites if you want.

In case this is for cPanel, there’s a great tool called ConfigServer ModSecurity Control (cmc) which allows you to control the domains you wish to protect (or not) with mod_security as well as see the mod_security logfile with detailed information about each entry. Additionally you can edit the mod_security conf files from there.

Check it out here: ConfigServer Modsecurity Control (cmc) – ConfigServer Services

Thank you both for your reply. I will give it a try. :-TU

This is really great that comodo is providing a free set of modsecurity rules. Just wondering, how often are the rules updated? and how strict are they (will they cause a lot of false alarms with common scripts like WP, Joomla, etc)?


We have over 70M users with our Free antivirus products and FP is an important thing to watch for them too. Our AV labs are well trained to “hate FPs” :).
Of course nothing is 100% and the key is, our AV labs guys are present here in this forum 24/7. If you get any FP, you can report via the application or come here and tell us, we’ll see to it immediately and release patch.
How fast are the updates? As fast as a new vulnerability is found. We are constantly watching any new vulnerability, the second we find out, is the second we start writing the rules.

Our job is to protect you and your business.


we will have the new version of cpanel plugin available early next week! HURRAY :slight_smile:

Great! 0.32 btw are pretty smooth so far. 8)

Thanks Julien, good to hear.

I think the rules are pretty smooth now (thanks to you guys!).

New cpanel plugin will be released early next week and we hope it will be working nicely too…

then the work is about creating the fastest modsec rules…offer highest security with the least cpu cycles!



The latest version is now released.

Cpanel plugin supports the latest cpanel version and all seems to be working nicely (fingers crossed).

you can now install free modsecurity rules using our Comodo cpanel plugin at

please let us know if we can help in any way.

1.0 cPanel Plugin working good so far. Nice!

hurray :slight_smile: thanks for the confirmation Julien!

I want to give this a try, but I have 3 concise questions:

  1. If I am running another panel other than cPanel, can I still use the Agent? If “yes”, how can I access the WAF panel to manage and update the rules?
  2. How can I apply the rules to only a few specific websites (virtual hosts), instead of ALL the websites?
  3. Is there a tool or online service that can be used to do an “attack” and see Comodo WAF in action?

Thank you very much. I am very interested in this product.

Yes, you may install standalone scripts:

`Cpanel installation hasn’t been found.
You may install standalone scripts.

Continue installation [y/n]:`

In that case you will be able to access:

See more here:

If you don’t use cPanel with CWAF plugin, you need to edit Apache configuration files.

See example of solution here: apache 2.2 - Enable Mod_Security for only one website - Server Fault

Basically, you may use web-browser to send some hackers requests, trying SQL injection or XSS. Or try to use some kind of vulnerability scanner, like Comodo Hacker Guarduan:

Found CPanel installation.
Continue installation [y/n]: y
Path to perl packages
PERL - /usr/local/cpanel/3rdparty/bin/perl
CPAN - /usr/local/cpanel/3rdparty/perl/514/bin/cpan

Check perl dependencies… [OK]
Check Apache HTTP installation… [OK] (2.2)
Check Mod_Security installation… [OK]
Decompress Comodo WAF package…/usr/bin/tail: cannot open `…//root/’ for reading: No such file or directory

gzip: stdin: unexpected end of file
/bin/tar: Child returned status 1
/bin/tar: Error is not recoverable: exiting now

Enter CWAF connection data

Enter CWAF user: xxxxxxxxxxxxx
Enter CWAF password: xxxxxxxxxxxxx
Prepare Comodo WAF configuration…
Comodo WAF Perl modules package not found.
Installation aborted

I encountered the same issue. Would it help to change the script

if [ ! -r Comodo-CWAF.tar.gz ]; then echo -e "\nComodo WAF Perl modules package not found." do_exit 1 fi

$TAR_BIN -zxf Comodo-CWAF.tar.gz

and rename all instances of the package name to cwaf_rules-0.3x.tgz?


Seems you started installation script from another directory.

Please try to change directory before starting script, e.g.

cd /root bash

Documentation and installation instructions will be expanded in the near future.

very interesting! As I will learn to webprogram this might be very very useful as well as helpful tool. Great done!