Comodo WAF plugin and ModSecurity

aros

Verified User
Joined
Jan 12, 2017
Messages
13
Hi,
Thanks to the Comodo WAF plugin, it was installed easily:

cd /usr/local/directadmin/custombuild
./build update
./build set modsecurity yes
./build set modsecurity_ruleset comodo
./build modsecurity
./build modsecurity_rules
./build rewrite_confs

Now we have a problem with partial uploads of pictures to one website hosted on the server, which was solved when we turned off "Request Body Access" in the Security Engine tab of the plugin.
We also had a table deleted from a database after installing and running Comodo WAF (not sure whether it is related to Comodo WAF!).

What is the preferred Comodo WAF configuration for website hosting servers?

CentOS 7.6
php 7.2
php 5.6


Regards
 

lolfust1

Verified User
Joined
Oct 24, 2015
Messages
40
Edit the modsec conf and change the Request Body Access and empty request body to the desired number, then restart Apache/nginx.
 

simpel

Verified User
Joined
Jun 6, 2019
Messages
24
Open the DirectAdmin web interface.
Click the 'Comodo WAF 2.24.4' link.
Click the 'UserData' tab.
In the form field 'custom rules' add the following:
SecRequestBodyNoFilesLimit 131072000

That's 10 times the default limit.
If that is still not enough, increase it even more.

(It's recommended not to edit this directly in the files themselves on the server but through the web interface, because DirectAdmin might overwrite custom edits when rebuilding or updating to new versions, overwriting your custom settings if they were not made through the web interface.)
 

Migdiradmin

Verified User
Joined
Jan 5, 2020
Messages
78
When I use these commands I have only the Comodo rules, right?
What is modsecurity_rules?
Which is best for nginx_apache, the Comodo rules or OWASP?
 

Migdiradmin

Verified User
Joined
Jan 5, 2020
Messages
78
CSF doesn't ban the IP, and I use lf_modsec to ban, but nothing happens.

ModSecurity is working OK.

When I test:
Code:
https://www.domain.com/?q="><script>alert(1)</script>
406 - error
Not Acceptable
An appropriate representation of the requested resource could not be found on this server.
 

aros

Verified User
Joined
Jan 12, 2017
Messages
13
Thanks.
Are there any other useful "custom rules" that are usually added there?
 

sufiyanshaikh

Verified User
Joined
Aug 14, 2019
Messages
69
Thanks a lot. You saved me!
 

simpel

Verified User
Joined
Jun 6, 2019
Messages
24
If you have rules that generate false positives, you can exclude that rule in the same UserData field:

Code:
SecRuleRemoveById xxxxxx
If you have fail2ban configured to read the ModSecurity logs to ban repeat offenders, make sure to unban the wrongly banned IP numbers. (IP numbers that were falsely added by a modsec rule need to be unbanned; just excluding the rule does not unban them.)

To see the banned IPs per jail:
Code:
ipset list
To unban an IP:
Code:
fail2ban-client unban xxx.xxx.xxx.xxx
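
Before excluding a rule with SecRuleRemoveById it helps to see which rule ids fire, on which URIs, and which clients were hit only by the rules being excluded (those are the ones to unban). The script below is an added example, not part of the original posts or of Comodo WAF; the log lines, the rule ids 900001/900002 and the function names are constructed, and it assumes ModSecurity 2.x entries in the Apache error log with IPv4 clients.

```python
import re
from collections import defaultdict

# Constructed sample in the style of ModSecurity 2.x lines in the Apache
# error log. Rule ids, addresses and URIs are made up for this example.
SAMPLE_LOG = """\
[Sat Jul 04 10:15:32 2020] [:error] [pid 1234] [client 203.0.113.7:51234] ModSecurity: Access denied with code 406 (phase 2). [id "900001"] [msg "upload field matched"] [uri "/gallery/upload.php"]
[Sat Jul 04 10:16:02 2020] [:error] [pid 1234] [client 203.0.113.7:51301] ModSecurity: Access denied with code 406 (phase 2). [id "900001"] [msg "upload field matched"] [uri "/gallery/upload.php"]
[Sat Jul 04 10:17:40 2020] [:error] [pid 1240] [client 198.51.100.22:40110] ModSecurity: Access denied with code 406 (phase 2). [id "900001"] [msg "upload field matched"] [uri "/gallery/upload.php"]
[Sat Jul 04 10:18:05 2020] [:error] [pid 1240] [client 198.51.100.22:40112] ModSecurity: Access denied with code 406 (phase 2). [id "900002"] [msg "XSS pattern"] [uri "/"]
[Sat Jul 04 10:19:11 2020] [:error] [pid 1241] [client 192.0.2.50:33002] AH01630: client denied by server configuration: /var/www/html/private
"""

HIT = re.compile(r'\[client (?P<client>[^\]\s]+)\] ModSecurity: .*?\[id "(?P<id>\d+)"\]'
                 r'.*?\[uri "(?P<uri>[^"]*)"\]')

def parse_hits(text):
    """Return (client_ip, rule_id, uri) for every ModSecurity line; skip the rest."""
    hits = []
    for line in text.splitlines():
        m = HIT.search(line)
        if not m:
            continue
        client = m["client"]
        if client.count(":") == 1:          # IPv4 "addr:port" as logged by Apache 2.4
            client = client.rsplit(":", 1)[0]
        hits.append((client, m["id"], m["uri"]))
    return hits

def summarize(hits):
    """Per rule id: hit count, distinct URIs and distinct clients."""
    stats = defaultdict(lambda: {"hits": 0, "uris": set(), "clients": set()})
    for client, rule_id, uri in hits:
        s = stats[rule_id]
        s["hits"] += 1
        s["uris"].add(uri)
        s["clients"].add(client)
    return dict(stats)

def exclusion_lines(rule_ids):
    """Directive lines for the 'custom rules' field, one per reviewed rule id."""
    return [f"SecRuleRemoveById {rid}" for rid in sorted(rule_ids)]

def unban_candidates(hits, excluded_ids):
    """Clients whose every hit came from an excluded rule; others stay banned."""
    by_client = defaultdict(set)
    for client, rule_id, _ in hits:
        by_client[client].add(rule_id)
    return sorted(c for c, ids in by_client.items() if ids <= set(excluded_ids))
```

A rule that fires for several unrelated clients on a single upload URI is the typical false-positive pattern; a client that also tripped a rule you are keeping is left out of the unban list.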
 

uzair_scorpion

New member
Joined
Jul 5, 2020
Messages
1
The Comodo WAF plugin installation completed; after opening the GUI in the admin panel I am getting this error:
cp: cannot stat '/etc/nginx/nginx-modsecurity.conf': No such file or directory
chown: cannot access '/usr/local/cwaf/conf/modsec2_plugin.conf': No such file or directory
can't read config /usr/local/cwaf/conf/modsec2_plugin.conf at /usr/local/cwaf/modules/CPAN/lib/Comodo/CWAF/ModSecurity.pm line 75.
Compilation failed in require at /usr/local/directadmin/plugins/comodo_waf/admin/index.pl line 13.
BEGIN failed--compilation aborted at /usr/local/directadmin/plugins/comodo_waf/admin/index.pl line 13.
 