Comodo ModSecurity Rules (WAF)

Comodo offers free ModSecurity Rules for Apache mod_security. 

1) Register on the Comodo WAF website https://waf.comodo.com/. The email address and password you register with are needed later by the installer in step 6.

https://accounts.comodo.com/cwaf/management/signup

2) Install Mod_Security.

cd /usr/src
wget https://www.modsecurity.org/tarball/2.9.0/modsecurity-2.9.0.tar.gz
tar xzf modsecurity-2.9.0.tar.gz
cd modsecurity-2.9.0
./configure --with-apxs=/usr/local/apache/bin/apxs
make && make install

 

3) Create the Mod_Security config file. The file is downloaded over plain HTTP, so review its contents before restarting Apache.

wget --output-document="/usr/local/apache/conf.d/modsec2.conf" http://dl-package.bullten.in/cwp/files/mod_security/modsec2.txt

 

4) Restart Apache.

service httpd restart

 

5) Check if Mod_Security is loaded in Apache.

/usr/local/apache/bin/httpd -M

 

6) Now Install Comodo Waf.

cd /usr/src
wget https://waf.comodo.com/cpanel/cwaf_client_install.sh
sh cwaf_client_install.sh

Press Enter:

Press Enter:

Press Enter:

Press Enter (It will install missing perl modules):

Enter your email used at waf.comodo.com:

Enter your password used at waf.comodo.com and confirm it again:

Enter /usr/local as path and press enter:

Installation will complete now

 

7) Now include CWAF path in mod_security config file.

sed -i '/SecPcreMatchLimitRecursion 250000/a \ \ Include "/usr/local/cwaf/etc/cwaf.conf"' /usr/local/apache/conf.d/modsec2.conf

 

8) Update CWAF rules.

/usr/local/cwaf/scripts/updater.pl

 

9) Restart Apache.

service httpd restart

 

10) Check if CWAF is protecting your website.

Run the command below in an SSH session (for example PuTTY) to follow the audit log:

tail -f /usr/local/apache/logs/modsec_audit.log

Then open the URL below in your browser; the request should show up in the audit log if CWAF is active.

http://yoursite.com/?a=b AND 1=1
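
The sed command in step 7 changes nothing when modsec2.conf lacks the exact line "SecPcreMatchLimitRecursion 250000", and it appends a second Include if it is run twice. The script below is an added example, not part of the original guide: it performs the same edit idempotently and fails loudly when the anchor line is missing. The function names add_cwaf_include and cwaf_include_count are hypothetical; the paths and directive text are the ones used above.

```shell
#!/bin/sh
# Added example: idempotent form of the step 7 edit. Function names are
# hypothetical; the paths and directive text are the ones used in the guide.
ANCHOR='SecPcreMatchLimitRecursion 250000'
INCLUDE='Include "/usr/local/cwaf/etc/cwaf.conf"'
INCLUDE_RE='^[[:space:]]*Include[[:space:]]+"?/usr/local/cwaf/etc/cwaf\.conf"?'

# Print how many active (not commented-out) CWAF Include lines CONF has.
cwaf_include_count() {
    grep -Ec "$INCLUDE_RE" "$1" || true
}

# add_cwaf_include CONF
# Returns 0 if the Include is in place afterwards (added now or already there),
#         1 if the anchor directive is missing (file left untouched),
#         2 if the file cannot be read or backed up.
add_cwaf_include() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    if grep -Eq "$INCLUDE_RE" "$conf"; then
        echo "CWAF Include already present in $conf" >&2
        return 0
    fi
    # Without this exact line the sed from step 7 changes nothing and
    # Apache restarts cleanly with no CWAF rules loaded.
    if ! grep -Fq "$ANCHOR" "$conf"; then
        echo "'$ANCHOR' not found in $conf, Include not added" >&2
        return 1
    fi
    cp -p "$conf" "$conf.bak" || return 2    # rollback copy
    # Insert after the first anchor line only, keeping the file's mode and owner.
    awk -v a="$ANCHOR" -v inc="$INCLUDE" '
        { print }
        !seen && index($0, a) { print "  " inc; seen = 1 }
    ' "$conf.bak" > "$conf"
}

# Usage: sh add_cwaf_include.sh /usr/local/apache/conf.d/modsec2.conf
[ "$#" -eq 0 ] || add_cwaf_include "$1"
```

Running /usr/local/apache/bin/httpd -t before the restart in step 9 catches syntax errors in the edited file.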


 

Some useful paths:

Update rules: /usr/local/cwaf/scripts/updater.pl
Rules Config files: /usr/local/cwaf/etc/cwaf.conf
Mod_Security Audit Log: /usr/local/apache/logs/modsec_audit.log
Mod_Security Debug Log: /usr/local/apache/logs/modsec_debug.log
Create your own rules: /usr/local/cwaf/etc/httpd/custom_user.conf

 

A command-line utility is available (it may not work in a standalone installation):

/usr/local/cwaf/scripts/cwaf-cli.pl

 

===========================================================================

Generate Default Blocked Rules List:

/usr/local/cwaf/scripts/cwaf-cli.pl -xd 500000000

Generated File: /usr/local/cwaf/etc/httpd/global/zzz_exclude_global.conf

============================================================================

List Blocked Rule IDs:

/usr/local/cwaf/scripts/cwaf-cli.pl -xl

============================================================================
 

Uninstall Comodo Waf:

/usr/local/cwaf/scripts/uninstall_cwaf.sh
sed -i '/cwaf\.conf/d' /usr/local/apache/conf.d/modsec2.conf
service httpd restart

 

https://panel.bullten.net/knowledgebase.php?action=displayarticle&id=48