Web Application Firewall -Free Modsecurity rules

Hi Guys

we just launched waf.comodo.com a web application firewall.

this is like an antivirus/firewall for your web site. Anyone who has a website should use this as it will protect you from attacks (all sorts)…

Please let us know what you think about it.

We are initially launching it to be for FREE! (in future there will be different versions but for now please enjoy it for free).

Thanks

Melih

[attachment deleted by admin]

i thought this was discontinued?

https://forums.comodo.com/comodo-web-application-firewall-cwaf-b223.0/

Hi, there was a facebook post for a new product called WAF, Web application Firewall.
I have called Sales, and tried to login and register for this product, but i can not get on to the site, i know it being the holidays and this is a very new product, (Sales had not herd of it) that there still may be issues with registering and such.

Any Help on how i can get my hands on this new product would be very helpful. The advertised URL is https://waf.comodo.com/

Thank you

Regards

Rosina

One last thing, sorry, does anyone know anything about this new product, other than what is said on the web site? We run Apache, is there really any other choice…

Good to see Comodo making new innovations and resurrecting old ones :slight_smile: :-TU

we built a whole new system of signature/rule generation for WAF and its compatible with Mod-Security and FREE!!!

Thanks, i also looked at help.comodo.com will be trying it out! Keep up the great work!
Loyal Fan!

I merged zwitterion’s topic with this one.

Here are the quick start and admin docs for our Free Mod_sec rules (WAF).

[attachment deleted by admin]

Got it registered, downloaded and installed.

Thanks to all.

Regards

great to hear…

please let us know your feedback and any improvements you would like to see please.

we are here to help.

Melih

Just so I understand it correctly. There are two firewalls that get supported by one rule system. WAF is still alive after having been reworked to have Mod-Security type of signature/rule generation.

Hi,

I tried to install the CWAF cPanel Plugin on a fresh cPanel server last night but had some problems.
I managed to solve them with some code editing, so I thought I mention the changes I did here - so that they can be fixed in future versions.

  1. Documentation doesn’t mention that some particular Perl modules are required for the installer to work.
    JSON, JSON:XS, and Crypt::SSLeay are not installed by default on a fresh cPanel server, so one has to install them by hand.
    A small how-to would be nice.

  2. After installation completes, the plugin won’t load due to AppConfig restrictions. You either need to disable AppConfig checks from Tweak Settings or create your own .conf file to register the application.
    I created a new file named: /var/cpanel/apps/addon_cwaf.conf
    with the following contents:

# name
name=addon_cwaf

# Service that will serve this app
service=whostmgr

# Physical path: /usr/local/cpanel/3rdparty/Foo.php
# Literal URL path: $server:$port/$cpsession/3rdparty/Foo.php
url=/usr/local/cpanel/whostmgr/docroot/cgi/addon_cwaf.cgi

# System user to run process as
user=root

# Required acls
acls=any

# Display name as show in the service ui
displayname=addon_cwaf

and ran: /usr/local/cpanel/bin/register_appconfig /var/cpanel/apps/addon_cwaf.conf

  1. Now that the application is registered with AppConfig, it won’t load:
Software error:

Can't locate Comodo/CWAF/Cpanel.pm in [at]INC ([at]INC contains: /usr/local/cpanel /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at /usr/local/cpanel/whostmgr/docroot/cgi/addon_cwaf.cgi line 23.
BEGIN failed--compilation aborted at /usr/local/cpanel/whostmgr/docroot/cgi/addon_cwaf.cgi line 23.

To fix this I added the following line to /usr/local/cpanel/whostmgr/docroot/cgi/addon_cwaf.cgi

BEGIN { unshift [at]INC, '/var/cpanel/cwaf/modules'; }

after line 1.

  1. Now the plugin loads fine, but we haven’t got any rules yet. Let’s click the “Update Rules” button… unfortunately nothing shows up in the Updater Status window.
    To fix this I went into /var/cpanel/cwaf/scripts/updater.pl and replaced the first line (#!/usr/bin/perl) with:
#!/bin/sh
eval 'if [ -x /usr/bin/local/cpanel/3rdparty/bin/perl ]; then exec /usr/local/cpanel/3party/bin/local -x --$0
${1+”$[at]”}; else exex /usr/bin/perl -x $0 ${1+”$[at]”}; fi;'
if 0;
#!/usr/bin/perl
BEGIN { unshift [at]INC, '/var/cpanel/cwaf/modules'; }

and the rules start to download.

  1. The first time I clicked “Update Rules” the latest ruleset got downloaded (v0.30 as of writing).
    However there are two problems:
    a) the ownership of the /var/cpanel/cwaf/rules folder and files inside has been altered and is now owned by 1011:users
    b) if I click the “Update Rules” button again, it will download some random other version of the rules - and overwrite v0.30 potentially even breaking Apache.

  2. “Configuration” Tab
    If I go to the Configuration tab, I can see that the Debug log is “utils.log”. Now if for example I go the Debug slider to the right, say to “5” and hit “Update Config”, and reload the app, the Debug log filename is gone. And I can’t get it back anymore either. Only way is to edit /var/cpanel/cwaf/etc/main.conf

  3. The Excludes editor does not work. I can add a rule, but clicking the “Save configuration” button does nothing.

Information about the Perl changes and AppConfig file I created can be found here:
http://docs.cpanel.net/twiki/bin/view/SoftwareDevelopmentKit/InstallingInternalPerlModules
http://docs.cpanel.net/twiki/bin/view/SoftwareDevelopmentKit/AppConfig

I hope my feedback helped :slight_smile:

PS: For some reason it’s not possible to post/reply at the CWAF subforum: https://forums.comodo.com/free-modsecurity-rules-comodo-web-application-firewall-b223.0/ otherwise I would have posted all that there.

George,

First of all, thank you very much for the feedback. We will most definitely take all this in and improve and release another version. With each version the product will get better.

Please work with us so that the whole community can benefit from the good work you do.

again, thank you!

Melih

Hello

Thank you for your feedback.

From your description is clear that CWAF plugin is not work correctly. Please provide us more information about your server to review and fix these issues:

  1. Cpanel version and version of Operating System.

  2. Did you use our installation script (“cwaf_client_install.sh”) for installing cPanel plugin and checking of all system dependencies?

If so, have you got some console output of this script?

This script “cwaf_client_install.sh” is available in your CWAF account interface: https://waf.comodo.com/cpanel/cwaf_client_install.sh

  1. Could you please provide us information from CPanel errors log (“/usr/local/cpanel/logs/error_log”) for the period of time you are tried to use our plugin?

grep -i cwaf /usr/local/cpanel/logs/error_log

Hello,

Fresh CentOS 6.5 x86_64 install with cPanel 11.40.1 (build 8).

uname -r

2.6.32-431.el6.x86_64

The installation was not performed on a live server - but on a freshly installed test server.

Yes, I downloaded your installation script from https://waf.comodo.com/cpanel/cwaf_client_install.sh and ran:

bash cwaf_client_install.sh

The first time I ran it I received a message that I needed to install some perl modules, JSON, JSON::XS and Crypt::SSLeay.
I did so from within WHM, and then tried to run the script again. This time it worked and I was prompted to chose between the cPanel plugin or Standalone scripts (option 1 or 2). I entered 1 and the installation continued until I got prompted to do enter my CWAF username/password. Finally the installation finished and I had to enter:

echo "Include \"/var/cpanel/cwaf/etc/cwaf.conf\" ">>/usr/local/apache/conf/modsec2.conf

and reload Apache.

First attempt:

root@hydrogen [~]# bash cwaf_client_install.sh

Choose type of installation: 


1) Cpanel installation
2) Standalone scripts

Choose [1|2]: 1


Try to install scripts for CPANEL
Missing perl module JSON
Missing perl module JSON::XS
Missing perl module Crypt::SSLeay
Install missing perl dependencies
Installation aborted

Second attempt after having installed the perl modules:

root@hydrogen [~]# bash cwaf_client_install.sh 

Choose type of installation: 


1) Cpanel installation
2) Standalone scripts

Choose [1|2]: 1


Try to install scripts for CPANEL
Enter CWAF connection data
--------------------------

Enter CWAF user: xxxxxx@xxxxxxx
Enter CWAF password: xxxxxxx

Run this command to load mod_security module & load rules: 
echo "Include \"/var/cpanel/cwaf/etc/cwaf.conf\" ">>/usr/local/apache/conf/modsec2.conf

And reload Apache HTTPD.



Installation complete!

I have pasted the output to pastebin: root@server [~]# grep -i cwaf /usr/local/cpanel/logs/error_log[Sun Dec 29 21:0 - Pastebin.com

  1. Did you use our installation script (“cwaf_client_install.sh”) for installing cPanel plugin and checking of all system dependencies?

I used it and had no issues.

Thanks again…

Rosina

Thank you for your help.

Sorry, but our plugin is really not compatible with the last cPanel version (11.40.x). It was tested and released in August.

Now we are working on the new plugin version with supporting last cPanel and improvements.

Thank you Vadim, great to know! :slight_smile: We’re really excited about the new release.

cPanel changed a lot of stuff since v11.36 regarding WHM plugins in terms of Perl support and security (AppConfig) so all those errors are not really your fault. You just need to make it compatible with the new way cPanel handles plugins.

Here are a few docs that will help you: http://docs.cpanel.net/twiki/bin/view/SoftwareDevelopmentKit/CreatingWhmPlugins#Perl
http://cpanel.net/prepare-your-perl-scripts-for-11-36/
http://docs.cpanel.net/twiki/bin/view/SoftwareDevelopmentKit/AppConfig

Happy New Year!

Hello Vadim

Do you have any news on when a new install script will be ready for 11.40?

Thank you