Control Web Panel
Security => Mod_Security => Topic started by: proteus on July 19, 2017, 07:09:26 AM
-
Hello
I am running CWP, and installed modsecurity COMODO
After that WordPress permalinks added an index.php in URL
Is this normal?
How get rid this and fix it?
-
mod_security is only application firewall and its not related with this issue.
You should check in the admin area of your wordpress how you have this set, don't forget to check that you have wordpress htaccess file in your wordpress folder.
https://codex.wordpress.org/htaccess
-
Hello,
Following on this topic, I have an issue with Mod Security and Wordpress. I am using Comodo WAF rules, and everything works great, except the fact that Wordpress is unable to write .htaccess file. I have to add everything manually in .htaccess.
If I disable Mod Security, everything returns to normal.
Any ideas?
cheers!
-
Hello,
Following on this topic, I have an issue with Mod Security and Wordpress. I am using Comodo WAF rules, and everything works great, except the fact that Wordpress is unable to write .htaccess file. I have to add everything manually in .htaccess.
If I disable Mod Security, everything returns to normal.
Any ideas?
cheers!
Same problem here. Anyone help us?
-
Running below commands will fix your issue
sed -i 's|.*SecServerSignature "CentOS WebPanel: Protected by Mod Security".*||g' /usr/local/apache/conf.d/mod_security.conf
service httpd restart
-
Running below commands will fix your issue
sed -i 's|.*SecServerSignature "CentOS WebPanel: Protected by Mod Security".*||g' /usr/local/apache/conf.d/mod_security.conf
service httpd restart
not change our problem diffrent :(
-
what is output of
cat /usr/local/apache/conf.d/mod_security.conf
-
LoadFile /usr/lib64/libxml2.so
LoadFile /usr/lib64/liblua-5.1.so
<IfModule !unique_id_module>
LoadModule unique_id_module modules/mod_unique_id.so
</IfModule>
<IfModule !mod_security2.c>
LoadModule security2_module modules/mod_security2.so
</IfModule>
<IfModule mod_security2.c>
<IfModule mod_ruid2.c>
SecAuditLogStorageDir /usr/local/apache/logs/modsec_audit
SecAuditLogType Concurrent
</IfModule>
<IfModule itk.c>
SecAuditLogStorageDir /usr/local/apache/logs/modsec_audit
SecAuditLogType Concurrent
</IfModule>
SecRuleEngine On
SecAuditEngine RelevantOnly
SecAuditLog /usr/local/apache/logs/modsec_audit.log
SecDebugLog /usr/local/apache/logs/modsec_debug.log
SecAuditLogType Serial
SecDebugLogLevel 0
SecRequestBodyAccess On
SecDataDir /tmp
SecTmpDir /tmp
SecUploadDir /tmp
SecCollectionTimeout 600
SecPcreMatchLimit 1250000
SecPcreMatchLimitRecursion 1250000
Include "/usr/local/apache/modsecurity-cwaf/cwaf.conf"
For example when modsecurity on one my plugin when save settings on wordpress gives error "Build rewrite rules error" but when close mod security problems gone.
I try add close modsecurity one domain to add vhost but not close;
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
-
When I provided above solution didnt fix your .htaccess permalink issue?
It it still not creating automatically in your htaccess file?
-
not creating settings in htaccess file. Blank
mod security doesnt allow write htaccess
-
what is output of
tail -f /usr/local/apache/logs/error_log
-
[Fri Aug 10 05:44:15.737587 2018] [:notice] [pid 25212:tid 140007126083456] ModSecurity: APR compiled version="1.6.2"; loaded version="1.6.2"
[Fri Aug 10 05:44:15.737594 2018] [:notice] [pid 25212:tid 140007126083456] ModSecurity: PCRE compiled version="8.32 "; loaded version="8.32 2012-11-30"
[Fri Aug 10 05:44:15.737598 2018] [:notice] [pid 25212:tid 140007126083456] ModSecurity: LIBXML compiled version="2.9.1"
[Fri Aug 10 05:44:15.737602 2018] [:notice] [pid 25212:tid 140007126083456] ModSecurity: Original server signature: Apache/2.4.34 (Unix) OpenSSL/1.0.1e-fips
[Fri Aug 10 05:44:15.737605 2018] [:notice] [pid 25212:tid 140007126083456] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
[Fri Aug 10 05:44:15.931833 2018] [ssl:warn] [pid 25216:tid 140007126083456] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Fri Aug 10 05:44:15.934193 2018] [ssl:warn] [pid 25216:tid 140007126083456] AH01906: host.domain.com:443:0 server certificate is a CA certificate (BasicConstraint s: CA == TRUE !?)
[Fri Aug 10 05:44:15.984095 2018] [mpm_event:notice] [pid 25216:tid 140007126083456] AH00489: Apache/2.4.34 (Unix) OpenSSL/1.0.1e-fips CentOS WebPanel: Protected by Mod Security configured -- resuming normal operations
[Fri Aug 10 05:44:15.984181 2018] [core:notice] [pid 25216:tid 140007126083456] AH00094: Command line: '/usr/local/apache/bin/httpd'
-
Goto you public_html folder and type
rm -rf .htaccess
Then open wordpress admin goto permalink and choose one and save it. See if its working then
-
Goto you public_html folder and type
rm -rf .htaccess
Then open wordpress admin goto permalink and choose one and save it. See if its working then
Ok I remove .htaccess file. And save permalink on wordpress but htaccess file not create.
-
Looking at above log I am sure you didnt run
service httpd restart
-
Anyone facing same issue should run the below commands.
sed -i 's|.*SecServerSignature.*||g' /usr/local/apache/conf.d/mod_security.conf
service httpd restart
Restarting Apache is necessary
-
sorry for poor english.
so not solve?
-
Its solved.
-
Oh my god. Thank you very very much.
How to make ? I want to learn steps.
-
The issue is caused because of SecServerSignature in /usr/local/apache/conf.d/mod_security.conf
You can manually goto /usr/local/apache/conf.d/mod_security.conf and remove it
nano /usr/local/apache/conf.d/mod_security.conf
Find
SecServerSignature "CentOS WebPanel: Protected by Mod Security"
remove the above line and then restart apache
service httpd restart
Or else you can run
sed -i 's|.*SecServerSignature.*||g' /usr/local/apache/conf.d/mod_security.conf
service httpd restart
-
Sir thanks but I reinstall vps with snapshot for try but I try your steps not change anything again.Not create.
Are there deficiencies in steps?
-
It will work for sure.
Do like this
nano /usr/local/apache/conf.d/mod_security.conf
Find
SecServerSignature "CentOS WebPanel: Protected by Mod Security"
Delete it and restart apache
service httpd restart
-
I remove and restart httpd but not change. :( :( :(
Can you look please
-
What is output of
cat /usr/local/apache/conf.d/mod_security.conf
tail -f /usr/local/apache/logs/error_log
-
LoadFile /usr/lib64/libxml2.so
LoadFile /usr/lib64/liblua-5.1.so
<IfModule !unique_id_module>
LoadModule unique_id_module modules/mod_unique_id.so
</IfModule>
<IfModule !mod_security2.c>
LoadModule security2_module modules/mod_security2.so
</IfModule>
<IfModule mod_security2.c>
<IfModule mod_ruid2.c>
SecAuditLogStorageDir /usr/local/apache/logs/modsec_audit
SecAuditLogType Concurrent
</IfModule>
<IfModule itk.c>
SecAuditLogStorageDir /usr/local/apache/logs/modsec_audit
SecAuditLogType Concurrent
</IfModule>
SecRuleEngine On
SecAuditEngine RelevantOnly
SecAuditLog /usr/local/apache/logs/modsec_audit.log
SecDebugLog /usr/local/apache/logs/modsec_debug.log
SecAuditLogType Serial
SecDebugLogLevel 0
SecRequestBodyAccess On
SecDataDir /tmp
SecTmpDir /tmp
SecUploadDir /tmp
SecCollectionTimeout 600
SecPcreMatchLimit 1250000
SecPcreMatchLimitRecursion 1250000
Include "/usr/local/apache/modsecurity-cwaf/cwaf.conf"
</IfModule>
[Fri Aug 10 07:21:04.621201 2018] [:notice] [pid 16573:tid 139762516793216] ModS ecurity: APR compiled version="1.6.2"; loaded version="1.6.2"
[Fri Aug 10 07:21:04.621209 2018] [:notice] [pid 16573:tid 139762516793216] ModS ecurity: PCRE compiled version="8.32 "; loaded version="8.32 2012-11-30"
[Fri Aug 10 07:21:04.621213 2018] [:notice] [pid 16573:tid 139762516793216] ModS ecurity: LIBXML compiled version="2.9.1"
[Fri Aug 10 07:21:04.621264 2018] [:notice] [pid 16573:tid 139762516793216] ModS ecurity: Original server signature: Apache/2.4.34 (Unix) OpenSSL/1.0.1e-fips
[Fri Aug 10 07:21:04.621269 2018] [:notice] [pid 16573:tid 139762516793216] ModS ecurity: Status engine is currently disabled, enable it by set SecStatusEngine t o On.
[Fri Aug 10 07:21:05.674123 2018] [ssl:warn] [pid 16593:tid 139762516793216] AH0 1873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Fri Aug 10 07:21:05.676094 2018] [ssl:warn] [pid 16593:tid 139762516793216] AH0 1906: host.domain.com:443:0 server certificate is a CA certificate (BasicConst raints: CA == TRUE !?)
[Fri Aug 10 07:21:06.185104 2018] [mpm_event:notice] [pid 16593:tid 139762516793 216] AH00489: Apache/2.4.34 (Unix) OpenSSL/1.0.1e-fips CentOS WebPanel: Protecte d by Mod Security configured -- resuming normal operations
[Fri Aug 10 07:21:06.185222 2018] [core:notice] [pid 16593:tid 139762516793216] AH00094: Command line: '/usr/local/apache/bin/httpd'
[Fri Aug 10 07:21:06.328248 2018] [pagespeed:warn] [pid 16599:tid 13976227142630 4] [mod_pagespeed 1.13.35.2-0 @16599] Cache Flush 1
-
In your case its loading from file /usr/local/apache/conf.d/modsec2.conf
You need to run
sed -i '/SecServerSignature/d' /usr/local/apache/conf.d/modsec2.conf
service httpd restart
-
:) :) :) Thanks your help. Its solve now.
-
Between you can delete /usr/local/apache/conf.d/modsec2.conf. Its of no use
rm -rf /usr/local/apache/conf.d/modsec2.conf
-
Ok.
Can I ask how to update mod security rules for comodo waf?
What I write ssh?
-
I don't know how it is setup by developers and when it is actually updating but you can follow the guide I released to install Comodo WAF with GUI. It will work like the same plugin as it works in Cpanel
http://forum.centos-webpanel.com/how-to/perfectly-installing-comdo-waf-on-centos-web-panel-with-gui/
-
Hi guys,
sed -i 's|.*SecServerSignature "CentOS WebPanel: Protected by Mod Security".*||g' /usr/local/apache/conf.d/mod_security.conf
service httpd restart
The above code fixed my problem. Htaccess is now being written by Wordpress. Many thanks for the tip!
-
Yes, i confirm that this solves the issue with the index.php. Thank you!
The issue is caused because of SecServerSignature in /usr/local/apache/conf.d/mod_security.conf
You can manually goto /usr/local/apache/conf.d/mod_security.conf and remove it
nano /usr/local/apache/conf.d/mod_security.conf
Find
SecServerSignature "CentOS WebPanel: Protected by Mod Security"
remove the above line and then restart apache
service httpd restart
Or else you can run
sed -i 's|.*SecServerSignature.*||g' /usr/local/apache/conf.d/mod_security.conf
service httpd restart