Comodo WAF as a ModSecurity Vendor

Hi! You can already add custom ModSecurity vendors.

Full documentation for it can be found at: http://documentation.cpanel.net/display/ALD/ModSecurity+Vendors

I hope this helps.

-Travis

Tristan J. Wallace said this in the support ticket that I have below.

1. Comodo is not being investigated yet as a possible vendor (OWASP ruleset

   is the provided vendor at this time). In case 171041, the discussion

   was made that this would be best set as a feature request instead at http://features.cpanel.net location.

So I added a feature request as said to do.

You can read from Comodo forums which is listed above what is being said too.

It would be nice to have it for everyone who want use Comodo.

Right now I have 10 servers using Comodo as 3rd party app and would be nice to not do it that way.

OWASP is known to have lots of false positives, Comod's ruleset seems to basicly be an improved version of OWASP with much fewer false positives and even a specific version for Litespeed.

We've been using comodo's ruleset for quite some time now.

Comodo say they have created yaml files but are waiting for cPanel's aproval to confirm if they are correct.

Has cPanel checked them out yet ?

We would have prefered to have comodo's ruleset by default instead of the less polished OWASP ones...

Of course it would be better to change it from OWASP to Comodo, but don't think you will do that now.

But they should at least add them as a vendor!

We got over 50 servers running Comodo. We changed from Configserver and have only experienced some small issues. It's much better than CMC.

YAY... Good News

I am testing it out on one of my servers now.

Comodo can now be easily installed as ModSecurity Vendor to cPanel for Apache and LiteSpeed platforms.

https://forums.comodo.com/free-modsecurity-rules-comodo-web-application-firewall/comodo-as-a-modsecurity-vendor-in-cpanel-t110147.0.html

1. Input one of URLs depending on your web-server:
   Comodo ModSecurity Apache Rule Set: https://waf.comodo.com/doc/meta_comodo-apache.yamlComodo ModSecurity LiteSpeed Rule Set: https://waf.comodo.com/doc/meta_comodo-litespeed.yaml

Comodo as a ModSecurity Vendor in cPanel

If your server is running cPanel 11.48 and higher you may install Comodo as ModSecurity Vendor.

• Go to Security Center -> ModSecurity Vendors.
• Click Add Vendor.
• Input one of URLs depending on your web-server:Comodo ModSecurity Apache Rule Set: https://waf.comodo.com/doc/meta_comodo-apache.yamlComodo ModSecurity LiteSpeed Rule Set: https://waf.comodo.com/doc/meta_comodo-litespeed.yaml
• Click Load and then Save.

See also cPanel ModSecurity Vendors Requirements

Warnings:

• cPanel ModSecurity Vendors are not compatible with CWAF plugin. So, you can't use both in parallel for management your protection rules.
• Don't activate both Comodo Rule Sets for Apache and LiteSpeed simultaneously to avoid conflicts.

Release Notes:

• In the current version you can't report problems with Comodo rules through cPanel ModSecurity Tools.
• We don't recommend to enable two ModSecurity Vendors simultaneously to avoid possibly logical conflicts and performance issues.

Please send us your feedback:

https://forums.comodo.com/free-modsecurity-rules-comodo-web-application-firewall/comodo-as-a-modsecurity-vendor-in-cpanel-t110147.0.html

Still one issue with Comodo as a Mod Security Vendor

After adding Comodo to the Vendor list I get this error when I click on rule that shows up here Home »Security Center »Hits List below

Error: API failure: The vendor “comodo” is not set up.

Then here is what Comodo said

Yes, we know about this limitation. However despite on this issue rules loaded and working correctly.

cPanel

doesn't fully support our vendor names: "comodo-apache" and

"comodo-litespeed", so probably we'll need to change them.

In the near

weeks we plan to update our cPanel support to enable feedback reporting

and fixing of this issue.

Be nice to have cPanel fully support vendor names and so on.

I may switch back to plugin mode until this is fixed.

@vlee - Personally I would stay with the Comodo plugin because it gives you more rule control at the account level. cPanel has a nice interface now but, it doesn't allow for account/domain level rule exclusion right now.

If I change vendors, I need to throw out all the current whitelist exceptions -correct???

This company named Columbus Software provides Comodo WAF as a ModSecurity Vendor here:https://columbussoft.com/columbussoft-extra-modsecurity-vendor-comodo-modsecurity-rules/

I was able to install it for free without any problems.

I was able to install Comodo WAF as a ModSecurity Vendor from the link you provided, will this be automatically updating?

https://columbussoft.com/columbussoft-extra-modsecurity-vendor-comodo-modsecurity-rules/

Good find but, the downside of cPanels panel is that you can't manipulate the rules per domain, etc. like you can with Comodo's. Then the question becomes, if Comodo's is compatible without this feature, why not stick with theirs instead of using cPanel's tool?

I don't see what they are really adding - i think Cpanel should work more closely with comodo and make them the default rules or help the community manage OWASP exceptions.

1. Comodo has search features that cPanel doesn't (filter by rule or domain)

2. Updates are automatic (not sure if this mod will)

3. Rules edits are manual instead of a nice UI

There are a couple others. IMHO, Comodo does a better job with the UI and DEFINITELY with rules.

AFAIK you can already?

https://forums.comodo.com/free-modsecurity-rules-comodo-web-application-firewall/comodo-as-a-modsecurity-vendor-in-cpanel-t110147.0.html