:):):) Comodo WAF rules update required :):):)

Updated both KB articles.

We updated some paths on the downloads server.

https://dl.starburst.help/

Updated both KB articles.

We updated some paths on the downloads server.

https://dl.starburst.help/

Hi,

thank you very much for the answer...

I try to access and download the file from the new download path, but again it doesn't work, it returns This site can't be reached / dl.starburst.help took too long to respond. Could it be that there is protection or limited access from a certain country...?

Please clarify - in the article about the rules 4.12.0:

https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/owasp-crs-ruleset-update-to-4-12-0-running-cwp-and-apache-on-almalinux-8-9/

1. In step 8, I create the file global_disabled_rules.conf and then change its content or itself with it with what I download as recommended.conf?

2. The lobal_disabled_rules.conf file remains in the /usr/local/apache/modsecurity-owasp-latest/coreruleset-4.12.0/ directory

3. In step 9, as far as I understand, there are two options for the code:
3.1 Include “/usr/local/apache/modsecurity-owasp-latest/coreruleset-4.12.0/owasp.conf” - which owasp.conf remains in the coreruleset-4.12.0 directory??

3.2 Include "/usr/local/apache/modsecurity-owasp-latest/owasp.conf" - which owasp.conf is moved to the modsecurity-owasp-latest directory??

3.1 or 3.2 is better?

4. You say:
"Notice we moved the owasp.conf to the root of the OWASP Rulesets, so any future updates you can just update the version number in the Include path." - update the version number in the Include path = version number in the Include path in the three lines of the owasp.conf file ??

5. If option 3.2 is chosen, where we move the owasp.conf file to the modsecurity-owasp-latest directory - other files from the coreruleset-4.12.0 directory are not moved, right?

Thanks in advance!

BR
Venty

Everything works according to the instructions. Unfortunately, CWP Security Center stops working.

Just created a ModSecurity folder. There will be some more tutorials coming soon.

If it doesn't redirect you, the new URL is:
https://starburst.help/control-web-panel-cwp/modsecurity/owasp-crs-ruleset-update-to-4-12-0-running-cwp-and-apache-on-almalinux-8-9/

Yes, Step 8 creates the global_disabled_rules.conf file.

What is put in here depends on personal needs/wants to allow thru.

Step 9 is depending on how mod_security.conf was setup.

Either way, it should be changed to

Code: [Select]

Include "/usr/local/apache/modsecurity-owasp-latest/owasp.conf"If you are following that KB to the letter.

This KB moved it to to sub-root directory, so it is easily modified for the next OWASP CRS update (e.g. 4.13.0), you just have to change a couple numbers, instead of creating a whole new owasp.conf file every time you update.

Just created a ModSecurity folder. There will be some more tutorials coming soon.

If it doesn't redirect you, the new URL is:
https://starburst.help/control-web-panel-cwp/modsecurity/owasp-crs-ruleset-update-to-4-12-0-running-cwp-and-apache-on-almalinux-8-9/

Yes, Step 8 creates the global_disabled_rules.conf file.

What is put in here depends on personal needs/wants to allow thru.

Step 9 is depending on how mod_security.conf was setup.

Either way, it should be changed to

Code: [Select]

Include "/usr/local/apache/modsecurity-owasp-latest/owasp.conf"If you are following that KB to the letter.

This KB moved it to to sub-root directory, so it is easily modified for the next OWASP CRS update (e.g. 4.13.0), you just have to change a couple numbers, instead of creating a whole new owasp.conf file every time you update.

Hi,

thank you very much for the answer...

https://dl.starburst.help/ does not work...

BR
Venty

What is your country? https://dl.starburst.help/ works here with Xfinity (Comcast) in the USA.

What is your country? https://dl.starburst.help/ works here with Xfinity (Comcast) in the USA.

Hi,

Bulgaria, please come ...

BR
Venty

Works from Florida on Xfinity Cable, and Georgia on AT&T Fiber.

I'm curious also, what area/country are you trying to access it from?

i switched back to OWASP latest rules but they are not blocking malicious attempts . i can see in logs its detecting but attempt is not blocked 

on the other hand comodo waf rules keeps blocking everything  before last update everything was fine and comodo waf rules were the best

Change these lines in csf.conf

Code: [Select]

MODSEC = "2"

Code: [Select]

MODSEC_LOG = "/usr/local/apache/logs/error_log /usr/local/apache/domlogs/*rror.log"Yes, there is a space between those 2 paths, it's kinda hard to see.

What is your country? https://dl.starburst.help/ works here with Xfinity (Comcast) in the USA.

Hi,

Bulgaria, please come ...

BR
Venty

I'll take a look, IP's from BG like attacking the servers.

Try now, if you are still blocked, then Cloudflare has either the individual IP range or AS blocked.

What is your country? https://dl.starburst.help/ works here with Xfinity (Comcast) in the USA.

Hi,

Bulgaria, please come ...

BR
Venty

I'll take a look, IP's from BG like attacking the servers.

Try now, if you are still blocked, then Cloudflare has either the individual IP range or AS blocked.

Thank you very much!

Hi,

in this article :

https://starburst.help/control-web-panel-cwp/modsecurity/owasp-crs-ruleset-update-to-4-12-0-running-cwp-and-apache-on-almalinux-8-9/

here ( step 8 ), please look maybe there is an error: https://prnt.sc/CrpsjlKky6R2

After the correction I made and when trying to test the mod security, the test does not work???

BR
Venty

Depends on the path you created global_disabled_rules.conf in.

Those are Examples, you could have your global_disabled_rules.conf in /usr/this/dir, and then would have to configure the owasp.conf to reflect the path.

I updated it, so it a little more simple and cut & paste.