Strange Messages in Apache Log & CWAF


In the Apache logs I notice:

[Sat Jul 12 17:28:16 2014] [notice] Status engine is currently disabled, enable it by set SecStatusEngine to On.

And in the CWAF security engine interface I see the following (even though I haven’t modified anything):

Custom Mod Security changes found!
If you change engine configuration, all your custom options will be lost.
You will be able to find backup of current configuration in: /usr/local/apache/conf/modsec2.conf.custom

Any ideas on what happened and how to address it?



Also, Mod Security is not working, as exploit test URLs bring a 404 instead of a 403.

In looking at the config, I’m guessing that cPanel added some new code to the Mod Security config, to address the new MPM ITK profile they recommend. However, the most concerning thing is that Mod Security no longer works. Any ideas? Since it’s a cPanel / WHM plugin, of course the hope is that it works around any issues that cPanel may introduce.

Anyone else having similar experiences?

Please, resave config-file in section Comodo WAF – Security Engine – Update config. In this case your custom config will be saved as modsec2.conf.backup and you’ll get our config-file without Cpanel code.