
Modsecurity & Comodo WAF

Comments

4 comments

  • cPanelMichael
    I then try to check the logs but it is not showing anything being blocked so it makes it hard to find out what the issue is!

    Hello, Do you notice any entries in /usr/local/apache/logs/error_log or under the "Hits List" in "WHM >> Security Center >> ModSecurity Tools" when this happens? Thank you.
    0
  • vlee
    I had the same issues and switched back to OWASP ModSecurity Core Rule Set V3.0, and problem solved. Comodo WAF looks like they are having issues. I hope that helps.
    0
  • fuzzylogic
    I had Comodo WAF installed. ... I had to reinstall Comodo WAF

    How did you install Comodo WAF? Did you install the Comodo WAF plugin for cPanel? Or did you add Comodo as a Vendor through cPanel's "WHM >> Security Center >> ModSecurity Vendors"? These 2 different methods are completely independent of each other and would store the same set of rules in 2 different locations. If you enabled both simultaneously, all rules would have a duplicate id.

    Which logs did you check? Or how did you check them? I suspect you are using the Comodo WAF plugin for cPanel. If this is correct, then to make troubleshooting easier you should make sure that all ModSecurity Vendors are not enabled in "WHM >> Security Center >> ModSecurity Vendors".

    You should read the first post in this thread (it was updated today): cPanel EasyApache4 + CWAF-plugin+ModSecurity" Tools Hit list - Free Modsecurity rules - Comodo Web Application Firewall

    Especially relevant are the log file paths:

    SecAuditLog /var/log/apache2/modsec_audit.log
    SecDebugLog /var/log/apache2/modsec_debug.log

    Comodo WAF plugin for cPanel may be logging to a different location, or if you are using the Comodo WAF plugin to view logs, the plugin may be looking at the wrong location for the modsec_audit.log.
    0
  • Rockforduk
    Hi Fuzzylogic, I originally added them as a plugin install. When I upgraded to EA4 it got broken and thought maybe adding it as a vendor would be better. Big mistake, it started blocking nearly everything lol. When I had it installed as a plugin on EA3 it worked perfectly fine and I would only have to whitelist a few things. So I have disabled all vendors and reinstalled it as a plugin and am waiting to see if it rectifies itself. Nothing major at the moment, so I will keep monitoring and post back.
    0
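
The duplicate-id condition fuzzylogic describes (the same Comodo rules loaded from both the plugin and a vendor entry) can be checked by comparing the rule ids defined in the two rule directories. This is an added example, not code from the thread, cPanel or Comodo; the two directory arguments and the constructed sample rules and ids are assumptions, so pass the real plugin and vendor rule paths on the server.

```python
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# "id" action in a SecRule/SecAction action list: id:10001 or id:'10001'.
# The lookbehind skips names that merely end in "id" (e.g. tx.session_id:...).
ID_RE = re.compile(r"""(?<![\w.])id\s*:\s*['"]?(\d+)""")

def rule_ids(root):
    """Map each rule id to the set of .conf files under root that define it."""
    root = Path(root)
    found = defaultdict(set)
    for path in root.rglob("*.conf"):
        for line in path.read_text(errors="replace").splitlines():
            if line.lstrip().startswith("#"):   # commented-out rule line
                continue
            for match in ID_RE.finditer(line):
                found[int(match.group(1))].add(str(path.relative_to(root)))
    return found

def duplicate_ids(dir_a, dir_b):
    """Ids defined in both rule trees, with the files that define them."""
    a, b = rule_ids(dir_a), rule_ids(dir_b)
    return {i: (sorted(a[i]), sorted(b[i])) for i in sorted(a.keys() & b.keys())}

def demo():
    """Build two constructed rule trees (hypothetical rules and ids) and compare."""
    plugin_rules = (
        'SecRule REQUEST_URI "@contains /blocked-a" \\\n'
        '    "id:10001,phase:2,deny,status:403,msg:\'constructed rule A\'"\n'
        'SecRule ARGS "@contains blocked-b" "id:\'10002\',phase:2,deny"\n'
    )
    vendor_rules = (
        'SecRule REQUEST_URI "@contains /blocked-a" \\\n'
        '    "id:10001,phase:2,deny,status:403,msg:\'constructed rule A\'"\n'
        '# SecRule ARGS "@contains blocked-b" "id:10002,phase:2,deny"\n'
        'SecRule ARGS "@contains blocked-c" "id:10003,phase:2,deny"\n'
    )
    with tempfile.TemporaryDirectory() as tmp:
        plugin, vendor = Path(tmp, "plugin"), Path(tmp, "vendor")
        plugin.mkdir()
        vendor.mkdir()
        (plugin / "plugin_rules.conf").write_text(plugin_rules)
        (vendor / "vendor_rules.conf").write_text(vendor_rules)
        return duplicate_ids(plugin, vendor)

if __name__ == "__main__":
    for rule_id, (in_a, in_b) in demo().items():
        print(f"duplicate id {rule_id}: {in_a} and {in_b}")
```

An empty result means the two trees share no active rule ids; any id reported is defined by both installation methods at once.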
