Hi,
It looks like the standard install of CWAF on a generic CentOS server with no control panel activates all the rules, including the brute force detection ones that don’t work and other experimental rules.
Does anyone have an example of a basic exclude file that will disable these rules, as well as joomla rules, etc?
Thanks 
Which problems do you have with bruteforce protection?
The “Failed to write to DBM file” issue
I may have misread elsewhere too, but I thought there were a number of experimental rules that are not enabled by default (when using a control panel) but seem to be enabled on a basic command line install.
Here is ZIP archive of default exclude list file.
Unpack it to /etc/cwaf/httpd/global replacing original file.
Regards, Oleg
[attachment deleted by admin]
Thanks VERY much Oleg!
FYI… in my vanilla install, the only files in /etc/cwaf/httpd/global are 00_blank.conf and 00_blank.conf.backup. I’m not sure if the intent is that there should be anything else there by default, or if that is by design. Your reference will really help.
v
Hi
It’s absolutely ok. File absent because no exclude operations were performed.
By the way you can manage your excludes with console tool available into scripts folder in CWAF install.
For example if CWAF was installed into /usr/local/cwaf directory console tool available at
/usr/local/cwaf/scripts/cwaf-cli.pl
Run it to get available options.
Regards, Oleg
There is no need to download and copy default exclude config file in that folder. You can actually generate that from command line itself. I see you installed comodo waf in /etc/cwaf/ so scripts folder must be located in /etc/cwaf/scripts/ . Use the below command and it will generate pre blocked rules for CWAF. I used 50000000 as no rule exist for that id.
/etc/cwaf/scripts/cwaf-cli.pl -xd 5000000
Restart apache.
Now zzz_exclude_global.conf will be generated in /etc/cwaf/etc/httpd/global/
You can also get excluded rules list:
/etc/cwaf/scripts/cwaf-cli.pl -xl