I’m using the Comodo WAF rules as a vendor for CSF in WHM/Cpanel. I was having trouble getting large Wordpress uploads to go through successfully. A 100mb file would take 15 minutes to upload, but if I disabled the Comodo modsec rules, it would be done in less than a minute.
I narrowed it down to something in the 24_Init_AppsInitialization.conf file. I tried simply disabling the three rules in that file, but that didn’t work. Only when I disabled the entire file rule set did the uploads go back to being fast.
So, two part question: (1) Can this be fixed? and (2) What issues will I run into having this ruleset disabled? Will it affect all the other app-specific rules below it?
Thank you for reporting.
24_Init_AppsInitialization.conf is file containing required initialisation for web application (Wordpress, Joomla etc) check
So disabling this file you make web app rules ineffective.
I will ask rule writers to check this issue. We will check if it possible to fix such behavior.
You can try to disable request body inspection but several CWAF rules will not work in this case.
To disable request body inspection you should add following line
SecStreamInBodyInspection Off
at the end of file [b]/usr/local/apache/conf/modsec2.cpanel.conf[/b]
Doing this you are redefining default CWAF configuration.
What’s strange though, is if I have only 24_Init_AppsInitialization.conf enabled, and disable all the app-specific rules below it, the upload is still very slow.
So it’s not a specific app rule, but something else. Maybe it is the request body inspection?