Control Web Panel
Security => Mod_Security => Topic started by: changlee on January 09, 2024, 03:22:57 PM
-
That happened a few minutes ago. At every CWP PRO where I use mod_security with Comodo WAF, every site blocks every user.
So I modified it in order to fix it. What do you suggest?
-
I am using the Comodo ruleset -- no lockouts here. Are you sure it's not overly aggressive LFD settings?
-
About 18 hours ago, at EVERY CWP PRO server I manage, the Comodo rules in mod_security locked out everyone. I just changed that and mod_security worked properly again.
I can not find what happened.
-
That happened a few minutes ago. At every CWP PRO where I use mod_security with Comodo WAF, every site blocks every user.
So I modified it in order to fix it. What do you suggest?
Are you using WordPress with the WooCommerce plugin?
WooCommerce was updated and has a new cookie scheme that conflicts with Comodo WAF.
If so, try to downgrade WooCommerce to the old working version.
Regards,
Netino
-
It happened to every single HTML website. Even one static index.html website returned Forbidden at the second click.
-
It happened to every single HTML website. Even one static index.html website returned Forbidden at the second click.
Have you tried checking the file '/usr/local/apache/logs/modsec_audit.log', searching for what reason your sites are being blocked?
-
I did not have the time. I just checked more than 10 CWP PRO servers and changed mod_security NOT to work with Comodo WAF.
-
OWASP has more false positives than Comodo.
-
I do not think that it was false positives. It probably was some misconfiguration after updates. It happened the same hour at every CWP PRO account.
-
That is odd.
We use the Comodo ruleset on all of our servers, and have no reports of any problems.
But have had false positives with OWASP.
-
I can confirm this: WooCommerce version 8.5.1 conflicts with the latest Comodo WAF rules. As soon as WooCommerce gets updated to this version, the site dies. A temporary solution is to disable mod_security on the account/domain in question.
-
I would never recommend disabling Mod_Security.
Most of the attacks against our servers are WordPress attacks.
Has anyone tried cPGuard (uses the Malware.Expert rule set) with WooCommerce?
-
Looks like WooCommerce is blaming Comodo and not something with their 8.5.1 update.
https://developer.woo.com/2024/01/16/woocommerce-8-5-1-issues-with-web-application-firewalls-modsecurity/
But since everything was working OK, I would say it is more of a problem with 8.5.1.
They do offer this as a solution also:
"If the above doesn’t work for you, disable the Order Attribution feature to prevent future users from seeing the 403 errors by going to WooCommerce > Settings > Advanced > Features and toggling the Order Attribution feature off."
-
"If the above doesn’t work for you, disable the Order Attribution feature to prevent future users from seeing the 403 errors by going to WooCommerce > Settings > Advanced > Features and toggling the Order Attribution feature off."
That did not seem to help, still getting 403 Forbidden error.
-
... Temporary solution is to disable mod_security on the account/domain in question.
No, I just switched to OWASP rules until that is fixed. No need to disable mod_security.
-
... Temporary solution is to disable mod_security on the account/domain in question.
No, I just switched to OWASP rules until that is fixed. No need to disable mod_security.
Disabled Comodo rule with ID 218500 until fix. OWASP causes other incompatibilities so this way we can continue to use Comodo and no need to disable mod_security.
Added..
SecRuleRemoveById 218500
..to /usr/local/apache/modsecurity-cwaf/custom_user.conf
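
An added example (not code from any poster in this thread): a small Python parser for the audit log mentioned above that counts which rule IDs actually denied requests and on which hostnames, which is the evidence for a targeted `SecRuleRemoveById` instead of switching rulesets or disabling mod_security. It assumes the ModSecurity 2.x serial audit log format; the sample log is constructed and abridged, and rule ID 999001 and the hostnames are made up.

```python
import re
from collections import Counter, defaultdict

BOUNDARY = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--$")  # part marker, e.g. --aaaa0001-H--
RULE_ID = re.compile(r'\[id "(\d+)"\]')
HOSTNAME = re.compile(r'\[hostname "([^"]*)"\]')

def parse_transactions(lines):
    """Yield one {part_letter: [lines]} dict per complete A..Z transaction."""
    current, part = None, None
    for raw in lines:
        line = raw.rstrip("\r\n")
        m = BOUNDARY.match(line)
        if not m:
            if current is not None:
                current[part].append(line)
            continue
        part = m.group(2)
        if part == "A":      # new transaction; a truncated previous one is dropped
            current = defaultdict(list)
        elif part == "Z" and current is not None:
            yield current
            current = None

def blocking_rules(lines):
    """Return [(rule_id, denied_count, hostnames)], most frequent rule first."""
    hits, hosts = Counter(), defaultdict(set)
    for tx in parse_transactions(lines):
        for msg in tx.get("H", []):
            # "Message: Warning." entries matched a rule but did not block the request
            if msg.startswith("Message: Access denied"):
                for rid in RULE_ID.findall(msg):
                    hits[rid] += 1
                    hosts[rid].update(HOSTNAME.findall(msg))
    return [(rid, n, sorted(hosts[rid])) for rid, n in hits.most_common()]

# Constructed, abridged sample (not from the thread); 999001 is a made-up rule ID.
SAMPLE = """\
--aaaa0001-A--
--aaaa0001-H--
Message: Warning. Pattern match. [id "999001"] [hostname "shop.example"]
Message: Access denied with code 403 (phase 2). [id "218500"] [hostname "shop.example"]
--aaaa0001-Z--
--aaaa0002-A--
--aaaa0002-H--
Message: Access denied with code 403 (phase 2). [id "218500"] [hostname "static.example"]
--aaaa0002-Z--
""".splitlines()

if __name__ == "__main__":
    print(blocking_rules(SAMPLE))
```

On a server, pass the real file instead of the sample, for example `blocking_rules(open('/usr/local/apache/logs/modsec_audit.log', errors='replace'))`; one rule ID denying requests across unrelated hostnames points at the ruleset rather than at a single site.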
-
... Temporary solution is to disable mod_security on the account/domain in question.
No, I just switched to OWASP rules until that is fixed. No need to disable mod_security.
Disabled Comodo rule with ID 218500 until fix. OWASP causes other incompatibilities so this way we can continue to use Comodo and no need to disable mod_security.
Added..
SecRuleRemoveById 218500
..to /usr/local/apache/modsecurity-cwaf/custom_user.conf
I am having the same issue as everyone after an update to WooCommerce. This fixed my issue =)
-
If anyone needs it, I created a step by step tutorial.
I apologize it took me so long, it's been on my to do list.
https://my.starburstservices.com/index.php?fuse=knowledgebase&controller=articles&view=article&articleId=28
-
FYI Comodo released ruleset 1.241 that took care of this issue on 2024-01-21.
-
Thank you very much!