Rockforduk

Hi Everyone,
I recently moved from EasyApache 3 to 4 and I had Comodo WAF installed. Due to the move from 3 to 4 I had to reinstall Comodo WAF. Now for some reason it seems to be playing havoc with my WordPress and Joomla installations. Has anyone else had this issue? If so, how did you resolve it?

For example, on one of my WordPress sites ModSecurity is blocking the menu, so whenever you click on a menu item it throws up an error. As soon as I deactivate it the menu works fine. I then try to check the logs, but it is not showing anything being blocked, so it makes it hard to find out what the issue is!

Thanks

Rockforduk
 

cPanelMichael

Administrator
Staff member
> I then try to check the logs but it is not showing anything being blocked so it makes it hard to find out what the issue is!

Hello,

Do you notice any entries in /usr/local/apache/logs/error_log or under the "Hits List" in "WHM >> Security Center >> ModSecurity Tools" when this happens?

Thank you.
 

fuzzylogic

> I had Comodo WAF installed. ... I had to reinstall Comodo WAF

How did you install Comodo WAF?
Did you install the Comodo WAF plugin for cPanel?
Or did you add Comodo as a Vendor through cPanel's "WHM >> Security Center >> ModSecurity Vendors"?
These 2 different methods are completely independent of each other and would store the same set of rules in 2 different locations.
If you enabled both simultaneously all rules would have a duplicate id.

Which logs did you check?
Or how did you check them?

I suspect you are using the Comodo WAF plugin for cPanel.
If this is correct, then to make troubleshooting easier you should make sure that all ModSecurity Vendors are not enabled in...
"WHM >> Security Center >> ModSecurity Vendors"
You should read the first post in this thread (it was updated today)...
cPanel EasyApache4 + CWAF-plugin+ModSecurity™ Tools Hit list - Free Modsecurity rules - Comodo Web Application Firewall
Especially relevant are the log file paths...
SecAuditLog /var/log/apache2/modsec_audit.log
SecDebugLog /var/log/apache2/modsec_debug.log
Comodo WAF plugin for cPanel may be logging to a different location, or if you are using the Comodo WAF plugin to view logs, the plugin may be looking at the wrong location for the modsec_audit.log.
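
An added example, not part of any post in this thread and not cPanel or Comodo code: a small Python check for the two conditions described in the post above, the same rule id defined in more than one rule file and SecAuditLog/SecDebugLog pointing at more than one location. The directory names, rule ids and rules in SAMPLE are constructed placeholders; pass the real plugin and vendor rule directories as arguments to scan them instead.

```python
import re
import sys
from collections import defaultdict
from pathlib import Path

# Heuristic: the id action in a rule's action list, e.g. id:210000 or id:'210000'
RULE_ID = re.compile(r"""\bid\s*:\s*['"]?(\d+)""")
# Constructed sample input. The directory names are placeholders, not real paths.
SAMPLE = {
    "/PLUGIN_RULES_DIR/example.conf": (
        'SecAuditLog /PLUGIN_LOG_DIR/modsec_audit.log\n'
        'SecRule REQUEST_URI "@contains /demo" \\\n'
        '    "id:900001,phase:1,deny,status:403"\n'
    ),
    "/VENDOR_RULES_DIR/example.conf": (
        'SecAuditLog /var/log/apache2/modsec_audit.log\n'
        'SecRule REQUEST_URI "@contains /demo" "id:\'900001\',phase:1,deny"\n'
        'SecAction "id:900002,phase:1,pass,nolog"\n'
    ),
}

def logical_lines(text):
    """Join backslash-continued lines, then drop blank lines and comments."""
    lines = (l.strip() for l in re.sub(r"\\\r?\n", " ", text).splitlines())
    return [l for l in lines if l and not l.startswith("#")]

def scan(configs):
    """configs maps path -> file text. Returns (ids seen in >1 file, log targets)."""
    ids, logs = defaultdict(set), defaultdict(set)
    for path, text in configs.items():
        for line in logical_lines(text):
            parts = line.split()
            if parts[0] in ("SecRule", "SecAction"):
                for rule_id in RULE_ID.findall(line):
                    ids[int(rule_id)].add(path)
            elif parts[0] in ("SecAuditLog", "SecDebugLog") and len(parts) > 1:
                logs[parts[0]].add(parts[1].strip('"'))
    dupes = {i: sorted(p) for i, p in ids.items() if len(p) > 1}
    return dupes, {name: sorted(t) for name, t in logs.items()}

if __name__ == "__main__":
    # Scan *.conf under directories given as arguments, else the sample above.
    files = {str(f): f.read_text(errors="replace")
             for d in sys.argv[1:] for f in Path(d).rglob("*.conf")}
    dupes, logs = scan(files or SAMPLE)
    for rule_id, paths in sorted(dupes.items()):
        print(f"duplicate id {rule_id}: {', '.join(paths)}")
    for name, targets in logs.items():
        print(f"{name} -> {', '.join(targets)}")
```

Only ids that appear in more than one file are reported, and a log directive listing more than one target means the log viewer and the rule engine may not be looking at the same file.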
 

Rockforduk

Hi Fuzzylogic,
I originally added them as a plugin install. When I upgraded to EA4 it got broken and thought maybe adding it as a vendor would be better. Big mistake, it started blocking nearly everything lol. When I had it installed as a plugin on EA3 it worked perfectly fine and I would only have to whitelist a few things.

So I have disabled all vendors and reinstalled it as a plugin, and I am waiting to see if it rectifies itself. Nothing major at the moment, so I will keep monitoring and post back.