HUGE ip.pag Easyapache 3

Had an issue today with a really poor performing Apache, a cpanel ticket found the following issue related to the comodo WAF

A recent update of the COMODO rules dramatically increased the amount of data this third party vendors rules input to this cache file.

I found that your servers ip.pag file was over 70G in size. In order to temporarily resolve this issue, I moved the current cache file out of the way(mv /var/cpanel/secdatadir/ip.pag{,.bak}) and restarted the Apache service. After which I watched your server for a time to confirm the load remained low and stable. Since we are constrained from removing customer data, I recommend removing this file if you do not want it restored.

Due to the changes in the COMODO rules, this will likely fill up the ip.pag file again in a short time. In order to prevent this we recommend disabling the COMODO vendor ruleset and using the cPanel provided OWASP rules.

can you advise?

Hello, possibly it’s due to some of new rules. Please, check these topics.

We are sorry, please update to the new version of the rules: 1.141

See details here:;msg866636#msg866636

I don’t use the plugin but the ohter can you tell me how to check what version please ? also how to update them i thought it was automatic.


There are two possible ways of Free ModSecurity Rules from Comodo usage with cPanel:

  1. Activate the COMODO as a cPanel ModSecurity vendor as described below:
    Comodo Help

In this case, the rule-set is updated automatically to the latest version by cPanel on daily basis.

  1. Using the COMODO CWAF plug-in when the rule-set and plug-in version updates should be triggered on the cPanel manually. The currently installed versions can be checked on cPanel as well.
    The detailed update process and version check descriptions are available at the link below:
    Comodo Help

Important Note: cPanel ModSecurity Vendors are not compatible with CWAF plug-in. So, you can’t use both in parallel for management of your protection rules. Also, don’t activate both Comodo Rule Sets for Apache and LiteSpeed simultaneously to avoid conflicts.

Should you have any further questions, do not hesitate to ask.

What’s that got to do with my problem ?

Hello needsomehelp.
You can find what the latest CWAF rules version in the file "rules.dat", in the folder where CWAF rules located. Or by the link:

Free ModSecurity Rules from Comodo.
Tip to use CWAF plugin was about getting information when the latest CWAF rules or plugin update released. Also you can install CWAF agent in standalone mode:
Comodo Help
after this you could be able to check agent version, installed and available rules version and web platform run:

/path_to CWAF/cwaf/scripts/ -v

More information about plugin which could be wery helpful you can get at:

Kind regards.