Control Web Panel

Security => Mod_Security => Topic started by: proteus on July 19, 2017, 07:09:26 AM

Title: ModSecurity adds index.php in permalinks
Post by: proteus on July 19, 2017, 07:09:26 AM
Hello
I am running CWP, and installed modsecurity COMODO
After that WordPress permalinks added an index.php in URL
Is this normal?
How get rid this and fix it?
Title: Re: ModSecurity adds index.php in permalinks
Post by: studio4host on July 21, 2017, 07:11:24 AM
mod_security is only application firewall and its not related with this issue.
You should check in the admin area of your wordpress how you have this set, don't forget to check that you have wordpress htaccess file in your wordpress folder.

https://codex.wordpress.org/htaccess
Title: Re: ModSecurity adds index.php in permalinks
Post by: motanu8008 on June 12, 2018, 07:45:01 AM
Hello,

Following on this topic, I have an issue with Mod Security and Wordpress. I am using Comodo WAF rules, and everything works great, except the fact that Wordpress is unable to write .htaccess file. I have to add everything manually in .htaccess.

If I disable Mod Security, everything returns to normal.

Any ideas?

cheers!
Title: Re: ModSecurity adds index.php in permalinks
Post by: winpeace on August 09, 2018, 09:06:23 PM
Hello,

Following on this topic, I have an issue with Mod Security and Wordpress. I am using Comodo WAF rules, and everything works great, except the fact that Wordpress is unable to write .htaccess file. I have to add everything manually in .htaccess.

If I disable Mod Security, everything returns to normal.

Any ideas?

cheers!

Same problem here. Anyone help us?
Title: Re: ModSecurity adds index.php in permalinks
Post by: bullten on August 10, 2018, 02:44:30 AM
Running below commands will fix your issue

Code: [Select]
sed -i 's|.*SecServerSignature "CentOS WebPanel: Protected by Mod Security".*||g' /usr/local/apache/conf.d/mod_security.conf
service httpd restart
Title: Re: ModSecurity adds index.php in permalinks
Post by: winpeace on August 10, 2018, 03:46:34 AM
Running below commands will fix your issue

Code: [Select]
sed -i 's|.*SecServerSignature "CentOS WebPanel: Protected by Mod Security".*||g' /usr/local/apache/conf.d/mod_security.conf
service httpd restart

not change our problem diffrent :(
Title: Re: ModSecurity adds index.php in permalinks
Post by: bullten on August 10, 2018, 03:49:46 AM
what is output of

Code: [Select]
cat /usr/local/apache/conf.d/mod_security.conf
Title: Re: ModSecurity adds index.php in permalinks
Post by: winpeace on August 10, 2018, 03:56:17 AM
Code: [Select]
LoadFile /usr/lib64/libxml2.so
LoadFile /usr/lib64/liblua-5.1.so

<IfModule !unique_id_module>
  LoadModule unique_id_module modules/mod_unique_id.so
</IfModule>

<IfModule !mod_security2.c>
  LoadModule security2_module  modules/mod_security2.so
</IfModule>

<IfModule mod_security2.c>
  <IfModule mod_ruid2.c>
    SecAuditLogStorageDir /usr/local/apache/logs/modsec_audit
    SecAuditLogType Concurrent
  </IfModule>
  <IfModule itk.c>
    SecAuditLogStorageDir /usr/local/apache/logs/modsec_audit
    SecAuditLogType Concurrent
  </IfModule>



  SecRuleEngine On
  SecAuditEngine RelevantOnly
  SecAuditLog /usr/local/apache/logs/modsec_audit.log
  SecDebugLog /usr/local/apache/logs/modsec_debug.log
  SecAuditLogType Serial
  SecDebugLogLevel 0
  SecRequestBodyAccess On
  SecDataDir /tmp
  SecTmpDir /tmp
  SecUploadDir /tmp
  SecCollectionTimeout 600
  SecPcreMatchLimit 1250000
  SecPcreMatchLimitRecursion 1250000
  Include "/usr/local/apache/modsecurity-cwaf/cwaf.conf"



For example when modsecurity on one my plugin when save settings on wordpress gives error "Build rewrite rules error" but when close mod security problems gone.

I try add close modsecurity one domain to add vhost but not close;
Code: [Select]
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>

Title: Re: ModSecurity adds index.php in permalinks
Post by: bullten on August 10, 2018, 04:00:12 AM
When I provided above solution didnt fix your .htaccess permalink issue?

It it still not creating automatically in your htaccess file?
Title: Re: ModSecurity adds index.php in permalinks
Post by: winpeace on August 10, 2018, 04:05:04 AM
not creating settings  in htaccess file. Blank
mod security doesnt allow write htaccess
Title: Re: ModSecurity adds index.php in permalinks
Post by: bullten on August 10, 2018, 04:06:03 AM
what is output of
Code: [Select]
tail -f  /usr/local/apache/logs/error_log
Title: Re: ModSecurity adds index.php in permalinks
Post by: winpeace on August 10, 2018, 04:08:39 AM
Code: [Select]
[Fri Aug 10 05:44:15.737587 2018] [:notice] [pid 25212:tid 140007126083456] ModSecurity: APR compiled version="1.6.2"; loaded version="1.6.2"
[Fri Aug 10 05:44:15.737594 2018] [:notice] [pid 25212:tid 140007126083456] ModSecurity: PCRE compiled version="8.32 "; loaded version="8.32 2012-11-30"
[Fri Aug 10 05:44:15.737598 2018] [:notice] [pid 25212:tid 140007126083456] ModSecurity: LIBXML compiled version="2.9.1"
[Fri Aug 10 05:44:15.737602 2018] [:notice] [pid 25212:tid 140007126083456] ModSecurity: Original server signature: Apache/2.4.34 (Unix) OpenSSL/1.0.1e-fips
[Fri Aug 10 05:44:15.737605 2018] [:notice] [pid 25212:tid 140007126083456] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
[Fri Aug 10 05:44:15.931833 2018] [ssl:warn] [pid 25216:tid 140007126083456] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Fri Aug 10 05:44:15.934193 2018] [ssl:warn] [pid 25216:tid 140007126083456] AH01906: host.domain.com:443:0 server certificate is a CA certificate (BasicConstraint                                                                        s: CA == TRUE !?)
[Fri Aug 10 05:44:15.984095 2018] [mpm_event:notice] [pid 25216:tid 140007126083456] AH00489: Apache/2.4.34 (Unix) OpenSSL/1.0.1e-fips CentOS WebPanel: Protected by                                                                         Mod Security configured -- resuming normal operations
[Fri Aug 10 05:44:15.984181 2018] [core:notice] [pid 25216:tid 140007126083456] AH00094: Command line: '/usr/local/apache/bin/httpd'
Title: Re: ModSecurity adds index.php in permalinks
Post by: bullten on August 10, 2018, 04:10:23 AM
Goto you public_html folder and type

rm -rf .htaccess

Then open wordpress admin goto permalink and choose one and save it. See if its working then

Title: Re: ModSecurity adds index.php in permalinks
Post by: winpeace on August 10, 2018, 04:13:28 AM
Goto you public_html folder and type

rm -rf .htaccess

Then open wordpress admin goto permalink and choose one and save it. See if its working then

Ok I remove .htaccess file. And save permalink on wordpress but htaccess file not create.
Title: Re: ModSecurity adds index.php in permalinks
Post by: bullten on August 10, 2018, 04:21:06 AM
Looking at above log I am sure you didnt run

Code: [Select]
service httpd restart
Title: Re: ModSecurity adds index.php in permalinks
Post by: bullten on August 10, 2018, 04:42:55 AM
Anyone facing same issue should run the below commands.

Code: [Select]
sed -i 's|.*SecServerSignature.*||g' /usr/local/apache/conf.d/mod_security.conf
Code: [Select]
service httpd restart
Restarting Apache is necessary
Title: Re: ModSecurity adds index.php in permalinks
Post by: winpeace on August 10, 2018, 04:46:28 AM
sorry for poor english.
so not solve?
Title: Re: ModSecurity adds index.php in permalinks
Post by: bullten on August 10, 2018, 04:56:19 AM
Its solved.
Title: Re: ModSecurity adds index.php in permalinks
Post by: winpeace on August 10, 2018, 04:57:50 AM
Oh my god.  Thank you very very much.
How to make ? I want to learn steps.
Title: Re: ModSecurity adds index.php in permalinks
Post by: bullten on August 10, 2018, 05:01:58 AM
The issue is caused because of SecServerSignature in /usr/local/apache/conf.d/mod_security.conf

You can manually goto /usr/local/apache/conf.d/mod_security.conf and remove it

Code: [Select]
nano /usr/local/apache/conf.d/mod_security.conf
Find

Code: [Select]
SecServerSignature "CentOS WebPanel: Protected by Mod Security"
remove the above line and then restart apache

Code: [Select]
service httpd restart
Or else you can run

Code: [Select]
sed -i 's|.*SecServerSignature.*||g' /usr/local/apache/conf.d/mod_security.conf
service httpd restart
Title: Re: ModSecurity adds index.php in permalinks
Post by: winpeace on August 10, 2018, 05:15:11 AM
Sir thanks but I reinstall vps with snapshot for try but I try your steps not change anything again.Not create.
Are there deficiencies in steps?
Title: Re: ModSecurity adds index.php in permalinks
Post by: bullten on August 10, 2018, 05:17:59 AM
It will work for sure.

Do like this

Code: [Select]
nano /usr/local/apache/conf.d/mod_security.conf
Find
Code: [Select]
SecServerSignature "CentOS WebPanel: Protected by Mod Security"
Delete it and restart apache

Code: [Select]
service httpd restart
Title: Re: ModSecurity adds index.php in permalinks
Post by: winpeace on August 10, 2018, 05:22:35 AM
I remove and restart httpd but not change.  :( :( :(
Can you look please
Title: Re: ModSecurity adds index.php in permalinks
Post by: bullten on August 10, 2018, 05:24:39 AM
What is output of

Code: [Select]
cat /usr/local/apache/conf.d/mod_security.conf
Code: [Select]
tail -f /usr/local/apache/logs/error_log
Title: Re: ModSecurity adds index.php in permalinks
Post by: winpeace on August 10, 2018, 05:27:20 AM
Code: [Select]
LoadFile /usr/lib64/libxml2.so
LoadFile /usr/lib64/liblua-5.1.so

<IfModule !unique_id_module>
  LoadModule unique_id_module modules/mod_unique_id.so
</IfModule>

<IfModule !mod_security2.c>
  LoadModule security2_module  modules/mod_security2.so
</IfModule>

<IfModule mod_security2.c>
  <IfModule mod_ruid2.c>
    SecAuditLogStorageDir /usr/local/apache/logs/modsec_audit
    SecAuditLogType Concurrent
  </IfModule>
  <IfModule itk.c>
    SecAuditLogStorageDir /usr/local/apache/logs/modsec_audit
    SecAuditLogType Concurrent
  </IfModule>



  SecRuleEngine On
  SecAuditEngine RelevantOnly
  SecAuditLog /usr/local/apache/logs/modsec_audit.log
  SecDebugLog /usr/local/apache/logs/modsec_debug.log
  SecAuditLogType Serial
  SecDebugLogLevel 0
  SecRequestBodyAccess On
  SecDataDir /tmp
  SecTmpDir /tmp
  SecUploadDir /tmp
  SecCollectionTimeout 600
  SecPcreMatchLimit 1250000
  SecPcreMatchLimitRecursion 1250000
  Include "/usr/local/apache/modsecurity-cwaf/cwaf.conf"
</IfModule>

Code: [Select]
[Fri Aug 10 07:21:04.621201 2018] [:notice] [pid 16573:tid 139762516793216] ModS                                                                 ecurity: APR compiled version="1.6.2"; loaded version="1.6.2"
[Fri Aug 10 07:21:04.621209 2018] [:notice] [pid 16573:tid 139762516793216] ModS                                                                 ecurity: PCRE compiled version="8.32 "; loaded version="8.32 2012-11-30"
[Fri Aug 10 07:21:04.621213 2018] [:notice] [pid 16573:tid 139762516793216] ModS                                                                 ecurity: LIBXML compiled version="2.9.1"
[Fri Aug 10 07:21:04.621264 2018] [:notice] [pid 16573:tid 139762516793216] ModS                                                                 ecurity: Original server signature: Apache/2.4.34 (Unix) OpenSSL/1.0.1e-fips
[Fri Aug 10 07:21:04.621269 2018] [:notice] [pid 16573:tid 139762516793216] ModS                                                                 ecurity: Status engine is currently disabled, enable it by set SecStatusEngine t                                                                 o On.
[Fri Aug 10 07:21:05.674123 2018] [ssl:warn] [pid 16593:tid 139762516793216] AH0                                                                 1873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Fri Aug 10 07:21:05.676094 2018] [ssl:warn] [pid 16593:tid 139762516793216] AH0                                                                 1906: host.domain.com:443:0 server certificate is a CA certificate (BasicConst                                                                 raints: CA == TRUE !?)
[Fri Aug 10 07:21:06.185104 2018] [mpm_event:notice] [pid 16593:tid 139762516793                                                                 216] AH00489: Apache/2.4.34 (Unix) OpenSSL/1.0.1e-fips CentOS WebPanel: Protecte                                                                 d by Mod Security configured -- resuming normal operations
[Fri Aug 10 07:21:06.185222 2018] [core:notice] [pid 16593:tid 139762516793216]                                                                  AH00094: Command line: '/usr/local/apache/bin/httpd'
[Fri Aug 10 07:21:06.328248 2018] [pagespeed:warn] [pid 16599:tid 13976227142630                                                                 4] [mod_pagespeed 1.13.35.2-0 @16599] Cache Flush 1
Title: Re: ModSecurity adds index.php in permalinks
Post by: bullten on August 10, 2018, 05:32:22 AM
In your case its loading from file /usr/local/apache/conf.d/modsec2.conf

You need to run

Code: [Select]
sed -i '/SecServerSignature/d' /usr/local/apache/conf.d/modsec2.conf
service httpd restart
Title: Re: ModSecurity adds index.php in permalinks
Post by: winpeace on August 10, 2018, 05:35:43 AM
:) :) :) Thanks your help. Its solve now.
Title: Re: ModSecurity adds index.php in permalinks
Post by: bullten on August 10, 2018, 05:41:58 AM
Between you can delete /usr/local/apache/conf.d/modsec2.conf. Its of no use
Code: [Select]
rm -rf /usr/local/apache/conf.d/modsec2.conf
Title: Re: ModSecurity adds index.php in permalinks
Post by: winpeace on August 10, 2018, 09:52:47 AM
Ok.
Can I ask how to update mod security rules for comodo waf?
What I write ssh?
Title: Re: ModSecurity adds index.php in permalinks
Post by: bullten on August 16, 2018, 12:02:07 PM
I don't know how it is setup by developers and when it is actually updating but you can follow the guide I released to install Comodo WAF with GUI. It will work like the same plugin as it works in Cpanel

http://forum.centos-webpanel.com/how-to/perfectly-installing-comdo-waf-on-centos-web-panel-with-gui/
Title: Re: ModSecurity adds index.php in permalinks
Post by: motanu8008 on September 20, 2018, 11:14:37 AM
Hi guys,

Code: [Select]
sed -i 's|.*SecServerSignature "CentOS WebPanel: Protected by Mod Security".*||g' /usr/local/apache/conf.d/mod_security.conf
service httpd restart

The above code fixed my problem. Htaccess is now being written by Wordpress. Many thanks for the tip!
Title: Re: ModSecurity adds index.php in permalinks
Post by: Dreamer on July 28, 2019, 01:31:22 PM
Yes, i confirm that this solves the issue with the index.php. Thank you!

The issue is caused because of SecServerSignature in /usr/local/apache/conf.d/mod_security.conf

You can manually goto /usr/local/apache/conf.d/mod_security.conf and remove it

Code: [Select]
nano /usr/local/apache/conf.d/mod_security.conf
Find

Code: [Select]
SecServerSignature "CentOS WebPanel: Protected by Mod Security"
remove the above line and then restart apache

Code: [Select]
service httpd restart
Or else you can run

Code: [Select]
sed -i 's|.*SecServerSignature.*||g' /usr/local/apache/conf.d/mod_security.conf
service httpd restart