Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Modsecurity & Comodo WAF

Discussion in 'Security' started by Rockforduk, Jun 16, 2017.

Tags:
  1. Rockforduk

    Rockforduk Member

    Joined:
    May 5, 2016
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    London
    cPanel Access Level:
    Root Administrator
    Hi Everyone,
    I recently moved from EasyApache 3 to 4 and i had Comodo WAF installed. Due to the move from 3-4 i had to reinstall Comodo WAF. Now for some reason it seems to be playing havoc with my Wordpress and Joomla installations. Has anyone else had this issue if so how did you resolve it?

    For example one of my Wordpress sites Modsecurity is blocking the menu so whenever you click on a menu item it throws up an error. As soon as i de-activate it the menu works fine. I then try to check the logs but it is not showing anything being blocked so it makes it hard to find out what the issue is!

    Thanks

    Rockforduk
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Do you notice any entries in /usr/local/apache/logs/error_log or under the "Hits List" in "WHM >> Security Center >> ModSecurity Tools" when this happens?

    Thank you.
     
  3. vlee

    vlee Well-Known Member

    Joined:
    Oct 13, 2005
    Messages:
    336
    Likes Received:
    18
    Trophy Points:
    168
    Location:
    Spokane, Washington
    cPanel Access Level:
    Root Administrator
    I had the same issues and switched back to OWASP ModSecurity Core Rule Set V3.0 and problem solved.

    Comodo WAF looks like they are having issues

    I hope that helps.
     
  4. fuzzylogic

    fuzzylogic Well-Known Member

    Joined:
    Nov 8, 2014
    Messages:
    52
    Likes Received:
    23
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    How did you install Comodo WAF?
    Did you install the Comodo WAF plugin for cPanel?
    Or did you add Comodo as a Vendor through cPanel's "WHM >> Security Center >> ModSecurity Vendors"?
    These 2 different methods are completely independent of each other and would store the same set of rules in 2 different locations.
    If you enabled both simultaneously all rules would have a duplicate id.

    Which logs did you check?
    Or how did you check them?

    I suspect you are using the Comodo WAF plugin for cPanel.
    If this is correct then to make troubleshooting more easy you should make sure that all ModSecurity Vendors are not enabled in...
    "WHM >> Security Center >> ModSecurity Vendors"
    You should read the first post in this thread (it was updated today)...
    cPanel EasyApache4 + CWAF-plugin+ModSecurity™ Tools Hit list - Free Modsecurity rules - Comodo Web Application Firewall
    Especially relevant are the log file paths...
    SecAuditLog /var/log/apache2/modsec_audit.log
    SecDebugLog /var/log/apache2/modsec_debug.log
    Comodo WAF plugin for cPanel may be logging to a different location or if you are using the Comodo WAF plugin to view logs the plugin may be looking at the wrong location for the modsec_audit.log
     
  5. Rockforduk

    Rockforduk Member

    Joined:
    May 5, 2016
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    London
    cPanel Access Level:
    Root Administrator
    Hi Fuzzylogic,
    I originally added them as a plugin install, when i upgraded to EA4 it got broken and thought maybe adding it as a vendor would be better. Big mistake it started blocking nearly everything lol, when i had it installed as a plugin on EA3 it worked perfectly fine and i would only have to whitelist only a few things.

    So i have disabled all vendors and reinstalled it as a plugin and waiting to so if it rectifies itself. Nothing major at the moment so i will keep monitoring and post back.
     
Loading...

Share This Page