ModSecurity adds index.php in permalinks

Anyone facing same issue should run the below commands.

Code: [Select]

sed -i 's|.*SecServerSignature.*||g' /usr/local/apache/conf.d/mod_security.conf

Code: [Select]

service httpd restart
Restarting Apache is necessary

sorry for poor english.
so not solve?

Its solved.

Oh my god.  Thank you very very much.
How to make ? I want to learn steps.

The issue is caused because of SecServerSignature in /usr/local/apache/conf.d/mod_security.conf

You can manually goto /usr/local/apache/conf.d/mod_security.conf and remove it

Code: [Select]

nano /usr/local/apache/conf.d/mod_security.conf
Find

Code: [Select]

SecServerSignature "CentOS WebPanel: Protected by Mod Security"
remove the above line and then restart apache

Code: [Select]

service httpd restart
Or else you can run

Code: [Select]

sed -i 's|.*SecServerSignature.*||g' /usr/local/apache/conf.d/mod_security.conf
service httpd restart

Sir thanks but I reinstall vps with snapshot for try but I try your steps not change anything again.Not create.
Are there deficiencies in steps?

It will work for sure.

Do like this

Code: [Select]

nano /usr/local/apache/conf.d/mod_security.conf
Find

Code: [Select]

SecServerSignature "CentOS WebPanel: Protected by Mod Security"
Delete it and restart apache

Code: [Select]

service httpd restart

I remove and restart httpd but not change. 
Can you look please

What is output of

Code: [Select]

cat /usr/local/apache/conf.d/mod_security.conf

Code: [Select]

tail -f /usr/local/apache/logs/error_log

Code: [Select]

LoadFile /usr/lib64/libxml2.so
LoadFile /usr/lib64/liblua-5.1.so

<IfModule !unique_id_module>
  LoadModule unique_id_module modules/mod_unique_id.so
</IfModule>

<IfModule !mod_security2.c>
  LoadModule security2_module  modules/mod_security2.so
</IfModule>

<IfModule mod_security2.c>
  <IfModule mod_ruid2.c>
    SecAuditLogStorageDir /usr/local/apache/logs/modsec_audit
    SecAuditLogType Concurrent
  </IfModule>
  <IfModule itk.c>
    SecAuditLogStorageDir /usr/local/apache/logs/modsec_audit
    SecAuditLogType Concurrent
  </IfModule>



  SecRuleEngine On
  SecAuditEngine RelevantOnly
  SecAuditLog /usr/local/apache/logs/modsec_audit.log
  SecDebugLog /usr/local/apache/logs/modsec_debug.log
  SecAuditLogType Serial
  SecDebugLogLevel 0
  SecRequestBodyAccess On
  SecDataDir /tmp
  SecTmpDir /tmp
  SecUploadDir /tmp
  SecCollectionTimeout 600
  SecPcreMatchLimit 1250000
  SecPcreMatchLimitRecursion 1250000
  Include "/usr/local/apache/modsecurity-cwaf/cwaf.conf"
</IfModule>

Code: [Select]

[Fri Aug 10 07:21:04.621201 2018] [:notice] [pid 16573:tid 139762516793216] ModS                                                                 ecurity: APR compiled version="1.6.2"; loaded version="1.6.2"
[Fri Aug 10 07:21:04.621209 2018] [:notice] [pid 16573:tid 139762516793216] ModS                                                                 ecurity: PCRE compiled version="8.32 "; loaded version="8.32 2012-11-30"
[Fri Aug 10 07:21:04.621213 2018] [:notice] [pid 16573:tid 139762516793216] ModS                                                                 ecurity: LIBXML compiled version="2.9.1"
[Fri Aug 10 07:21:04.621264 2018] [:notice] [pid 16573:tid 139762516793216] ModS                                                                 ecurity: Original server signature: Apache/2.4.34 (Unix) OpenSSL/1.0.1e-fips
[Fri Aug 10 07:21:04.621269 2018] [:notice] [pid 16573:tid 139762516793216] ModS                                                                 ecurity: Status engine is currently disabled, enable it by set SecStatusEngine t                                                                 o On.
[Fri Aug 10 07:21:05.674123 2018] [ssl:warn] [pid 16593:tid 139762516793216] AH0                                                                 1873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Fri Aug 10 07:21:05.676094 2018] [ssl:warn] [pid 16593:tid 139762516793216] AH0                                                                 1906: host.domain.com:443:0 server certificate is a CA certificate (BasicConst                                                                 raints: CA == TRUE !?)
[Fri Aug 10 07:21:06.185104 2018] [mpm_event:notice] [pid 16593:tid 139762516793                                                                 216] AH00489: Apache/2.4.34 (Unix) OpenSSL/1.0.1e-fips CentOS WebPanel: Protecte                                                                 d by Mod Security configured -- resuming normal operations
[Fri Aug 10 07:21:06.185222 2018] [core:notice] [pid 16593:tid 139762516793216]                                                                  AH00094: Command line: '/usr/local/apache/bin/httpd'
[Fri Aug 10 07:21:06.328248 2018] [pagespeed:warn] [pid 16599:tid 13976227142630                                                                 4] [mod_pagespeed 1.13.35.2-0 @16599] Cache Flush 1


In your case its loading from file /usr/local/apache/conf.d/modsec2.conf

You need to run

Code: [Select]

sed -i '/SecServerSignature/d' /usr/local/apache/conf.d/modsec2.conf
service httpd restart

Thanks your help. Its solve now.

Between you can delete /usr/local/apache/conf.d/modsec2.conf. Its of no use

Code: [Select]

rm -rf /usr/local/apache/conf.d/modsec2.conf

Ok.
Can I ask how to update mod security rules for comodo waf?
What I write ssh?

I don't know how it is setup by developers and when it is actually updating but you can follow the guide I released to install Comodo WAF with GUI. It will work like the same plugin as it works in Cpanel

http://forum.centos-webpanel.com/how-to/perfectly-installing-comdo-waf-on-centos-web-panel-with-gui/