Author Topic: :):):) Comodo WAF rules update required :):):)  (Read 379 times)

0 Members and 3 Guests are viewing this topic.

Offline
*
:):):) Comodo WAF rules update required :):):)
« on: November 12, 2024, 01:18:25 PM »
hello,

kindly update comodo waf rules for mod security in cwp as new version waf rules have many fixes for known issues. its pending since long to update .

Regards,

Zee

Offline
*****
Re: :):):) Comodo WAF rules update required :):):)
« Reply #1 on: November 13, 2024, 06:50:58 AM »
It looks like when Comodo was bought out the WAF rules got dropped.
The last ruleset version that came out on 2024-01-21 fixed the WordPress bug, which was 1.241 that you can manually update.

Offline
*
Re: :):):) Comodo WAF rules update required :):):)
« Reply #2 on: November 13, 2024, 01:38:32 PM »
can you please tell me how to update comodo waf rules manuall. i am new :(

Offline
*
Re: :):):) Comodo WAF rules update required :):):)
« Reply #3 on: November 14, 2024, 01:02:24 PM »
It looks like when Comodo was bought out the WAF rules got dropped.
The last ruleset version that came out on 2024-01-21 fixed the WordPress bug, which was 1.241 that you can manually update.

can you plz help tell me how to update comodo waf rules to latest version manually i am new to this  :-[

Offline
*
Re: :):):) Comodo WAF rules update required :):):)
« Reply #4 on: November 14, 2024, 01:05:44 PM »
@ CWP Development Team

kindly do it for all as its hardly few mins job for you guys and it will help all cwp users.  :) :) :)

Offline
*****
Re: :):):) Comodo WAF rules update required :):):)
« Reply #5 on: November 15, 2024, 01:06:25 AM »
Comodo was bought out by another company.

You can try and register for an account and download the last ruleset 1.241 from https://waf.comodo.com

Let me know if it works. As I haven't been able to login for a couple months now.
But not sure is @overseer has been able to or not.

If not, you can visit one of our US mirrors at: https://m3.stl.us.ssimn.org/Comodo-Rules/
The latest ruleset I know of is 1.241, unzip that to your local computer, and upload the files from Rules to your server at /usr/local/apache/modsecurity-cwaf/rules

Easiest way is using the SFTP built into Bitvise after you have logged in via SSH.

Offline
*****
Re: :):):) Comodo WAF rules update required :):):)
« Reply #6 on: November 15, 2024, 02:56:12 AM »
1.241 is the latest version, per their Apache yaml file:
https://waf.comodo.com/doc/meta_comodo_apache.yaml

Their documentation literature speaks of "occasional" and "periodic" updates, so I guess early 2024 qualifies...
::)

And note that it is still Comodo -- they have just rebranded to Xcitium after their new flagship endpoint production product (read: $$$$).
https://www.nasdaq.com/press-release/comodo-security-solutions-rebrands-to-xcitium-2022-07-07
(This after a failed rebrand to Sectigo earlier...)
« Last Edit: November 15, 2024, 02:59:12 AM by overseer »

Offline
*****
Re: :):):) Comodo WAF rules update required :):):)
« Reply #7 on: November 15, 2024, 03:17:02 AM »
@overseer, are you able to login to https://waf.comodo.com, I'm still getting the same error I've been getting for months now.

I've tried contacting them via their email address & forums without success.
« Last Edit: November 15, 2024, 03:18:43 AM by Starburst »

Offline
*
Re: :):):) Comodo WAF rules update required :):):)
« Reply #8 on: November 15, 2024, 06:42:56 AM »
@overseer, are you able to login to https://waf.comodo.com, I'm still getting the same error I've been getting for months now.

I've tried contacting them via their email address & forums without success.

i am also not able to login to my comodo account at https://waf.comodo.com
also the below url doesnt work
https://m3.stl.us.ssimn.org/Comodo-Rules/

Offline
*
Re: :):):) Comodo WAF rules update required :):):)
« Reply #9 on: November 15, 2024, 07:18:43 AM »
Comodo was bought out by another company.

You can try and register for an account and download the last ruleset 1.241 from https://waf.comodo.com

Let me know if it works. As I haven't been able to login for a couple months now.
But not sure is @overseer has been able to or not.

If not, you can visit one of our US mirrors at: https://m3.stl.us.ssimn.org/Comodo-Rules/
The latest ruleset I know of is 1.241, unzip that to your local computer, and upload the files from Rules to your server at /usr/local/apache/modsecurity-cwaf/rules

Easiest way is using the SFTP built into Bitvise after you have logged in via SSH.

@Starburst if you have comodo waf 1.241 rules can you plz make a zip file and share with me as i cant find it anywhere on net to download from :(

Offline
*
Re: :):):) Comodo WAF rules update required :):):)
« Reply #10 on: November 15, 2024, 07:24:19 AM »
i switched to OWASP latest waf but that doesnt seem to be triggering rules as i tried the follow but instead of blocking it open website normally.

https://droppy.pk/?SELECT * FROM mysql.users
or
http://droppy.pk/?test=/etc/passwd

and in logs i get this :
-----------------------------------------------------------------------------
[Fri Nov 15 08:22:54.697941 2024] [:error] [pid 1240692:tid 1240745] [client 182.183.59.223:49493] [client 182.183.59.223] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "43"] [id "911100"] [msg "Method is not allowed by policy"] [data "GET"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "droppy.pk"] [uri "/handler/getjstranslation"] [unique_id "Zzb2zmxzeCbNjj3Zw9xjvgAAAIs"], referer: https://droppy.pk/?SELECT%20*%20FROM%20mysql.users
[Fri Nov 15 08:22:54.697362 2024] [:error] [pid 1240692:tid 1240745] [client 182.183.59.223:49493] [client 182.183.59.223] ModSecurity: Warning. Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1010"] [id "920430"] [msg "HTTP protocol version is not allowed by policy"] [data "HTTP/1.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "droppy.pk"] [uri "/handler/getjstranslation"] [unique_id "Zzb2zmxzeCbNjj3Zw9xjvgAAAIs"], referer: https://droppy.pk/?SELECT%20*%20FROM%20mysql.users
[Fri Nov 15 08:22:54.168467 2024] [:error] [pid 1240692:tid 1240750] [client 182.183.59.223:49493] [client 182.183.59.223] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "43"] [id "911100"] [msg "Method is not allowed by policy"] [data "GET"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "droppy.pk"] [uri "/assets/themes/modern/css/style.css"] [unique_id "Zzb2zmxzeCbNjj3Zw9xjvQAAAI0"], referer: https://droppy.pk/?SELECT%20*%20FROM%20mysql.users
[Fri Nov 15 08:22:54.167868 2024] [:error] [pid 1240692:tid 1240750] [client 182.183.59.223:49493] [client 182.183.59.223] ModSecurity: Warning. Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1010"] [id "920430"] [msg "HTTP protocol version is not allowed by policy"] [data "HTTP/1.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "droppy.pk"] [uri "/assets/themes/modern/css/style.css"] [unique_id "Zzb2zmxzeCbNjj3Zw9xjvQAAAI0"], referer: https://droppy.pk/?SELECT%20*%20FROM%20mysql.users
[Fri Nov 15 08:22:53.797438 2024] [:error] [pid 1242044:tid 1242048] [client 182.183.59.223:49492] [client 182.183.59.223] ModSecurity: Warning. Found 4 byte(s) in ARGS_NAMES:SELECT * FROM mysql.users outside range: 38,44-46,48-58,61,65-90,95,97-122. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1501"] [id "920273"] [msg "Invalid character in request (outside of very strict set)"] [data "ARGS_NAMES:SELECT * FROM mysql.users=SELECT * FROM mysql.users"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "paranoia-level/4"] [hostname "droppy.pk"] [uri "/"] [unique_id "Zzb2zV2B16OYtZuRIUyWzwAAAMI"]
[Fri Nov 15 08:22:53.797161 2024] [:error] [pid 1242044:tid 1242048] [client 182.183.59.223:49492] [client 182.183.59.223] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "43"] [id "911100"] [msg "Method is not allowed by policy"] [data "GET"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "droppy.pk"] [uri "/"] [unique_id "Zzb2zV2B16OYtZuRIUyWzwAAAMI"]
[Fri Nov 15 08:22:53.796455 2024] [:error] [pid 1242044:tid 1242048] [client 182.183.59.223:49492] [client 182.183.59.223] ModSecurity: Warning. Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1010"] [id "920430"] [msg "HTTP protocol version is not allowed by policy"] [data "HTTP/1.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "droppy.pk"] [uri "/"] [unique_id "Zzb2zV2B16OYtZuRIUyWzwAAAMI"]
[Fri Nov 15 08:22:25.022988 2024] [:error] [pid 1240690:tid 1240715] [client 182.183.59.223:49486] [client 182.183.59.223] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "43"] [id "911100"] [msg "Method is not allowed by policy"] [data "GET"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "droppy.pk"] [uri "/assets/backgrounds/default_1.jpg"] [unique_id "Zzb2sRFWEN9VqJUDmOxF9gAAABU"], referer: http://droppy.pk/
[Fri Nov 15 08:22:25.018234 2024] [:error] [pid 1240690:tid 1240715] [client 182.183.59.223:49486] [client 182.183.59.223] ModSecurity: Warning. Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1010"] [id "920430"] [msg "HTTP protocol version is not allowed by policy"] [data "HTTP/1.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "droppy.pk"] [uri "/assets/backgrounds/default_1.jpg"] [unique_id "Zzb2sRFWEN9VqJUDmOxF9gAAABU"], referer: http://droppy.pk/
[Fri Nov 15 08:22:17.129025 2024] [:error] [pid 1242044:tid 1242068] [client 182.183.59.223:49478] [client 182.183.59.223] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "43"] [id "911100"] [msg "Method is not allowed by policy"] [data "GET"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "droppy.pk"] [uri "/assets/backgrounds/default_2.jpg"] [unique_id "Zzb2qV2B16OYtZuRIUyWzgAAANY"], referer: http://droppy.pk/
[Fri Nov 15 08:22:17.127896 2024] [:error] [pid 1242044:tid 1242068] [client 182.183.59.223:49478] [client 182.183.59.223] ModSecurity: Warning. Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1010"] [id "920430"] [msg "HTTP protocol version is not allowed by policy"] [data "HTTP/1.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "droppy.pk"] [uri "/assets/backgrounds/default_2.jpg"] [unique_id "Zzb2qV2B16OYtZuRIUyWzgAAANY"], referer: http://droppy.pk/
[Fri Nov 15 08:22:11.966470 2024] [:error] [pid 1240692:tid 1240742] [client 182.183.59.223:49477] [client 182.183.59.223] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "43"] [id "911100"] [msg "Method is not allowed by policy"] [data "GET"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "droppy.pk"] [uri "/handler/getjstranslation"] [unique_id "Zzb2o2xzeCbNjj3Zw9xjvAAAAIo"], referer: http://droppy.pk/
[Fri Nov 15 08:22:11.965929 2024] [:error] [pid 1240692:tid 1240742] [client 182.183.59.223:49477] [client 182.183.59.223] ModSecurity: Warning. Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1010"] [id "920430"] [msg "HTTP protocol version is not allowed by policy"] [data "HTTP/1.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "droppy.pk"] [uri "/handler/getjstranslation"] [unique_id "Zzb2o2xzeCbNjj3Zw9xjvAAAAIo"], referer: http://droppy.pk/
[Fri Nov 15 08:22:11.790194 2024] [:error] [pid 1240690:tid 1240712] [client 182.183.59.223:49475] [client 182.183.59.223] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "43"] [id "911100"] [msg "Method is not allowed by policy"] [data "GET"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "droppy.pk"] [uri "/assets/themes/modern/mecwbjnp.json"] [unique_id "Zzb2oxFWEN9VqJUDmOxF9QAAABI"], referer: http://droppy.pk/
[Fri Nov 15 08:22:11.789808 2024] [:error] [pid 1240690:tid 1240712] [client 182.183.59.223:49475] [client 182.183.59.223] ModSecurity: Warning. Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1010"] [id "920430"] [msg "HTTP protocol version is not allowed by policy"] [data "HTTP/1.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "droppy.pk"] [uri "/assets/themes/modern/mecwbjnp.json"] [unique_id "Zzb2oxFWEN9VqJUDmOxF9QAAABI"], referer: http://droppy.pk/
[Fri Nov 15 08:22:11.788819 2024] [:error] [pid 1240691:tid 1240744] [client 182.183.59.223:49476] [client 182.183.59.223] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "43"] [id "911100"] [msg "Method is not allowed by policy"] [data "GET"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "droppy.pk"] [uri "/assets/themes/modern/rhvddzym.json"] [unique_id "Zzb2oyJ1bJ7aspqJdiGglQAAAEs"], referer: http://droppy.pk/
[Fri Nov 15 08:22:11.788237 2024] [:error] [pid 1240691:tid 1240744] [client 182.183.59.223:49476] [client 182.183.59.223] ModSecurity: Warning. Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1010"] [id "920430"] [msg "HTTP protocol version is not allowed by policy"] [data "HTTP/1.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "droppy.pk"] [uri "/assets/themes/modern/rhvddzym.json"] [unique_id "Zzb2oyJ1bJ7aspqJdiGglQAAAEs"], referer: http://droppy.pk/
[Fri Nov 15 08:22:11.759787 2024] [:error] [pid 1240690:tid 1240711] [client 182.183.59.223:49474] [client 182.183.59.223] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "43"] [id "911100"] [msg "Method is not allowed by policy"] [data "GET"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "droppy.pk"] [uri "/assets/themes/modern/lupuorrc.json"] [unique_id "Zzb2oxFWEN9VqJUDmOxF9AAAABE"], referer: http://droppy.pk/
[Fri Nov 15 08:22:11.759077 2024] [:error] [pid 1240690:tid 1240711] [client 182.183.59.223:49474] [client 182.183.59.223] ModSecurity: Warning. Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1010"] [id "920430"] [msg "HTTP protocol version is not allowed by policy"] [data "HTTP/1.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "droppy.pk"] [uri "/assets/themes/modern/lupuorrc.json"] [unique_id "Zzb2oxFWEN9VqJUDmOxF9AAAABE"], referer: http://droppy.pk/
[Fri Nov 15 08:22:11.069038 2024] [:error] [pid 1242044:tid 1242064] [client 182.183.59.223:49466] [client 182.183.59.223] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "43"] [id "911100"] [msg "Method is not allowed by policy"] [data "GET"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "droppy.pk"] [uri "/assets/themes/modern/css/style.css"] [unique_id "Zzb2o12B16OYtZuRIUyWzQAAANI"], referer: http://droppy.pk/


Offline
*****
Re: :):):) Comodo WAF rules update required :):):)
« Reply #11 on: November 15, 2024, 08:05:49 AM »
I'm guessing your country code is PK?

That's probably why you can't connect.
Try the link now.

Offline
*
Re: :):):) Comodo WAF rules update required :):):)
« Reply #12 on: November 15, 2024, 09:35:19 AM »
I'm guessing your country code is PK?

That's probably why you can't connect.
Try the link now.

yes its working now and thanks a lot for your help.

so should i just unzip all files to  /usr/local/apache/modsecurity-cwaf/rules location on my server thats it ? it will update and install new rules automatically?or do i have to remove old rule files from this location first

Offline
*
Re: :):):) Comodo WAF rules update required :):):)
« Reply #13 on: November 15, 2024, 09:49:04 AM »
i just updated the rules to 1.241 version but same issue all wordpress sites are being blocked . only first page is opened and if i click on any other link on wordpress website its blocked by comodo waf rule

Offline
*
Re: :):):) Comodo WAF rules update required :):):)
« Reply #14 on: November 15, 2024, 10:06:32 AM »
i switched back to OWASP latest rules but they are not blocking malicious attempts . i can see in logs its detecting but attempt is not blocked  :-[

on the other hand comodo waf rules keeps blocking everything  :-\ before last update everything was fine and comodo waf rules were the best