WAF logging in WHM

In WHM Security Center »ModSecurity™ Tools » Hits List you will see the hits for mod_security.
If you see the attached files you see a difference betweeen Comodo and Configserve (CMC) rules.

Why is there Severity for CMC but not Comodo?
Why can we edit the rules for CMC but not Comodo?

[attachment deleted by admin]


Please note: Configserver and CWAF use the same modsecurity config file, so it’s not possible to use both products without conflict.
Only single one product will work in time.

I guess it’s because format of COMODO audit logs is different from CMC format, so log parser can’t find ‘severity’ for COMODO rules.

ModSecurity™ Tool keeps user defined rules in /usr/local/apache/conf/modsec2.user.conf
You can copy content of COMODO rule files into this file. Then copy bl_* (bl_agents, bl_domains etc) and userdata_* files from rules folder to /usr/local/apache/conf
Save In WHM Security Center »ModSecurity™ Tools » Edit Custom Rules
After that rules can be edited with WHM Security Center but new rule updates will not be available.

With best regards, Oleg

By the way adding COMODO rules to /usr/local/apache/conf/modsec2.user.conf somehow fixed ‘Severity’ issue :slight_smile:

[attachment deleted by admin]