modsec_vendor update error

verdon

Well-Known Member
Nov 1, 2003
919
12
168
Northern Ontario, Canada
cPanel Access Level
Root Administrator
Hi,

I am getting an error in my panel update logs

"[2019-01-11 09:07:04 -0500] E [/usr/local/cpanel/scripts/modsec_vendor] The “/usr/local/cpanel/scripts/modsec_vendor update --auto” command (process 113123) reported error number 1 when it ended."

When I run '/usr/local/cpanel/scripts/modsec_vendor update --auto' manually, I get the following and can see the error is getting the Comodo yaml file

Code:
# /usr/local/cpanel/scripts/modsec_vendor update --auto
info [modsec_vendor] Updates are in progress for all of the installed ModSecurity vendors with automatic updates enabled.
info [modsec_vendor] Restored modsec_cpanel_conf_datastore backup
info [modsec_vendor] The vendor “configserver” is already up to date.
warn [modsec_vendor] The system could not add the vendor: The system could not download the file “https://waf.comodo.com/doc/meta_comodo_apache.yaml”: curl: (7) couldn't connect to host


info [modsec_vendor] Restored modsec_cpanel_conf_datastore backup
warn [modsec_vendor] The system failed to update the vendor from the URL “https://waf.comodo.com/doc/meta_comodo_apache.yaml”: The system could not download the file “https://waf.comodo.com/doc/meta_comodo_apache.yaml”: curl: (7) couldn't connect to host
Is anybody else seeing this? I am getting it on two servers.
 

rpvw

Well-Known Member
Jul 18, 2013
1,101
465
113
UK
cPanel Access Level
Root Administrator
I gave up on the Comodo rules.

Every time I tried to get the waf.comodo.com URL in a browser, it errors out with a temporarily unavailable or too busy message - I wonder if this has anything to do with the purchase of Comodo by Sectigo
 

verdon

Well-Known Member
Nov 1, 2003
919
12
168
Northern Ontario, Canada
cPanel Access Level
Root Administrator
I gave up on the Comodo rules.

Every time I tried to get the waf.comodo.com URL in a browser, it errors out with a temporarily unavailable or too busy message - I wonder if this has anything to do with the purchase of Comodo by Sectigo
That's too bad. I had so many problems with the OWASP rules and the Comodo set has been mostly OK... been using them for years.
 
  • Like
Reactions: bloatedstoat

rpvw

Well-Known Member
Jul 18, 2013
1,101
465
113
UK
cPanel Access Level
Root Administrator
Don't be surprised if it doesn't resurface as a paid only service - with all the corporate takeovers going on, the boards of directors will only have one thing on their minds - how to make larger dividends for their shareholders !
 

verdon

Well-Known Member
Nov 1, 2003
919
12
168
Northern Ontario, Canada
cPanel Access Level
Root Administrator
The Comodo site is a mess. I've been bounced through 3 different support departments now, broken links all over the place, everywhere is a come-on to sell services... looking like I'll have to go back to OWASP
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,295
1,272
313
Houston
Hello @verdon

This is unfortuntely an issue with https://waf.comodo.com - we've had a few reports of this internally as well. The site has to be reachable in order to get the yaml file. Right now it looks like the site is not resolving at all:

Code:
# curl -vv https://waf.comodo.com
* About to connect() to waf.comodo.com port 443 (#0)
*   Trying 178.255.86.135...
* No route to host
* Failed connect to waf.comodo.com:443; No route to host
* Closing connection 0
curl: (7) Failed connect to waf.comodo.com:443; No route to host
If you're unable to get assistance you might disable it and try again in a couple of days, I'm assuming they're aware of the issue at this point.
 

verdon

Well-Known Member
Nov 1, 2003
919
12
168
Northern Ontario, Canada
cPanel Access Level
Root Administrator
Thanks @cPanelLauren ,

That's the conclusion I was coming to as well. Their site(s) are a real mess right now, and the couple of support areas I was shuttled around to didn't seem to be aware of what they were trying to support. I suppose for a few days it's just noise in my logs. I hope it gets sorted out soon. I do mostly like the Comodo rules, but it may be time to look elsewhere.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,295
1,272
313
Houston
Thanks @cPanelLauren ,

That's the conclusion I was coming to as well. Their site(s) are a real mess right now, and the couple of support areas I was shuttled around to didn't seem to be aware of what they were trying to support. I suppose for a few days it's just noise in my logs. I hope it gets sorted out soon. I do mostly like the Comodo rules, but it may be time to look elsewhere.

I'm really sorry to hear that, I do hope that once the dust settles a bit things will go back to normal.
 

Greg M

Well-Known Member
May 26, 2016
50
15
58
Glasgow, Scotland
cPanel Access Level
Root Administrator
I have had this a number times over the past 8 months. It's generally not a huge problem as it resolves usually within a day or two. I did at one point contact comodo support. (There is a support link in the portal where you sign up to receive the rules) And they managed to fix the problem (no doubt kicked the server) and replied and asked me to update again and it worked.

You may just find that they are experiencing overloads if too many users are updating their WAF rules at the same time. Remember it's not just cPanel users that can get these free rules. Anyone can so it's likely they would have load issues now and again.

I personally find the comodo rules to be far superior to OWASP. the owasp rules had so many false positives I had no choice but to remove them, installed comodo and never looked back, I think I disabled 1 comodo rule that was being triggered by a wordpress plugin and that was it.

Lets hope the speculation about sectigo charging for comodos free services is just that - speculation. I love the fact that comodo are providing essential things like WAF rules and SSL certs for free en mass, saves a fortune for those of us who are not rich, or don't have rich clients ;)