Control Web Panel
Security => Mod_Security => Topic started by: zeejdeej on September 08, 2024, 05:49:43 PM
-
hello,
i have recently installed CWP pro on a new Almalinux 9,everything is working fine but when i install MOD Security all the websites goes down and give below error: when i uninstall MOD Security all sites start working fine. what could be wrong ? and how to fix it any suggestions plz
Unable to connect
An error occurred during a connection to 38.242.244.140.
The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer’s network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the web.
-
Does anything show up in the logs under Mod Security or your Apache log files?
-
Look at this thread:
https://forum.centos-webpanel.com/centos-9-problems/apache-wont-restart-after-enabling-mod_security/msg48744/#msg48744
it seems you have the same problem.
Hope it will help you to solve the problem.
-
There has been multiple posts about this problem.
See:
https://kb.starburstservices.com/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/apache-wont-start-after-enabling-mod_security/ (https://kb.starburstservices.com/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/apache-wont-start-after-enabling-mod_security/)
-
thanks a lot guys it worked after adding the following line :
LoadFile /usr/lib64/liblua-5.4.so
but now mod security is giving forbidden access to all the websites pages.
the main page is opened but when i click on any other link on website it triggers the mod security rule i am using comodo waf rules. how to fix forbidden access issue now . :)
any suggestions
-
The simplest way is to disable mod_security :)
The correct way is to check mod_security logs, identify the blocking rule and disable it or modify according to the requirements of your site. Look here:
https://wiki.centos-webpanel.com/mod_security-for-cwp
to learn how to do this.
-
Which ruleset are you using?
Comodo is at 1.241 that has fixes in it for WooCommerce.
The ones CWP installs are 1.240.
OWASP isn't bad, but isn't good either.
It seems to gives ALOT of false positives.
-
Go figure https://waf.comodo.com/ (https://waf.comodo.com/) is down, again...
-
my cwp pro is stuck at comodo waf v 1.240 i tried many times to update to v 1.241 manually by replacing the waf rules files but it revert back to v. 1.240 most probably due to cwp automatic update cron job.
i tried to switch to OWASP latest but as you said it had too many false positives and even after fine tuning i am not able to keep my hosted website unblocked.
i want to try atomic crop free waf rules as i heard they are good and atleast updates once a month and have lesser false positives? have you tried it? any suggestions
-
i think cwp should consider integrating atomic crop. free waf rules in cwp panel so everyone can benifit using it . manual installation and configuration have too many errors and conflicts as cwp got custom configuration only cwp panel admins knows best.
-
You mean this?
https://atomicorp.com/atomic-waf-web-application-firewall/
It looks to be paid for their ModSecurity ruleset -- $22.50/month
https://www.atomicorp.com/amember/cart/index/product/id/123/c/?utm_medium=email&utm_source=sharpspring-email
-
no i am taking about this :
https://atomicorp.com/free-modsecurity-rules/