ModSecurity Tools Hits List is empty

[robertjw]

ModSecurity has recently been installed on the server using EA4. Server is standard cPanel configuration, nothing unusual. /usr/local/apache/logs/modsec_audit.log is logging data and looks correct.

COMODO ModSecurity Apache Rule Set is installed as a vendor and enabled.

/etc/apache2/conf.d/modsec/modsec2.cpanel.conf does not show any SecAuditLog entry.

Why is
HomeHome »Security Center »ModSecurity™ Tools »Hits List
empty?

 

[JacobPerkins]

Hi,

SecAuditLog is located in /etc/apache2/conf.d/modsec2.conf.

Could you post what configurations are in the /etc/apache2/conf.d/modsec/modsec2.cpanel.net? For example:

SecAuditEngine "RelevantOnly"
SecRuleEngine "On"

 

[robertjw]

OK, found the SecAuditLog in /etc/apache2/conf.d/modsec2.conf and it's set to:

    SecAuditLog logs/modsec_audit.log
    SecDebugLog logs/modsec_debug.log
    SecDebugLogLevel 0
    SecDefaultAction "phase:2,deny,log,status:406"

Data is being logged to modsec_audit.log

Sure, here's what's in /etc/apache2/conf.d/modsec/modsec2.cpanel.net

SecDataDir "/var/cpanel/secdatadir"
SecAuditEngine "On"
SecConnEngine "On"
SecRuleEngine "On"

And a bunch of include lines like this one

Include "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/00_Init_Initialization.conf"

All for comodo_apache - I can post them if you want.

 

[cPanelMichael]

Hello,

I believe this is an issue with the Comodo WAF plugin and it's integration with EasyApache 4. You can find a post from a Comodo staff member on this topic at:

cPanel EasyApache4 + CWAF-plugin+ModSecurity™ Tools Hit list - Free Modsecurity rules - Comodo Web Application Firewall

You may want to respond to the thread to report the issue if it's still occurring after taking those steps.

Thank you.