How can i edit Rules ?

Free Modsecurity rules - Comodo Web Application Fi
#1

Hello,
actually the Rule-ID: 210730
with:

ModSecurity: Access denied with code 403 (phase 2). String match within “.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/” at TX:extension.

[file “/var/cpanel/cwaf/rules/cwaf_01.conf”] [line “450”]

[id “210730”] [msg “COMODO WAF: URL file extension is restricted by policy”]

makes me problem.
I want to remove the file-extension <.dat> from the Rule, but the other file-extension should still exists.
How can i do this?

thank you

#2

Looks like this rule is fetching value from another rule ID. But if change value here then in next update it will be gone. May be comodo guys can help you better.

SecAction
“id:210040,
phase:1,
pass,
setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf|application/json|appli$
setvar:'tx.restricted_extensions=.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .d$
setvar:‘tx.restricted_headers=/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/’,
nolog,
t:none”

#3

Hello,

you can exclude rule id 210040 by WHM - Plugins - Comodo WAF - Catalog - Search By Rule ID - 210040 - Off -Implement and add your own rule:

SecAction
“id:1,
phase:1,
pass,
setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf|application/json|appli$
setvar:'tx.restricted_extensions=.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .db/ .d$
setvar:‘tx.restricted_headers=/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/’,
nolog,
t:none”

by WHM - Plugins - Comodo WAF - User Data - Custom Rules:

Configuration file will be /var/cpanel/cwaf/etc/httpd/custom_user.conf. For own rules you can use id 1-99999. After user conf creation, please, restart web-server.

#4

thank you :slight_smile: