To make sure it is working - After a while check the log file and look for pattern matches with the COMODO WAF rules showing up. Refresh WHM and scroll to the bottom of the left hand menu and you should see "ConfigServer ModSecurity Control" Optionally, install the CSF mod_security controller in order to have some further browser based control over mod_security. Although, the Comodo WAF app will also restart apache after downloading the rules, and if there is an error it will revert to no rules, which is kind of nice. * you will replace everything in there with this one line if the default rules or your old huge list of rules are thereĬlick (in WHM still) Comodo WAF link and download the latest rules (currently 0.41), this will download the latest rule set. Scroll down to Mod Security link and replace * or add to the config file with the following line and save, then restart apache: When finished installing, log into WHM on your VPS or dedicated server. It will not work until you link to the rule set in the mod_security config file (via WHM). This is where the comodo intructions get sketchy. In SSH session as root, in the root directory run the following commands:Įnter username and password to Comodo that you used when you signed up when it asks, Pre-requisite - be sure to run easyapache and have the latest version of Mod Security installed (currently 2.7.7) or errors will be displayed after installing the Comodo app. To install you will need to sign up as a member (free). More information can be found on their website here.
Comodo has awesomely stepped in to provide a free ruleset and a WHM app. Whereas gotroot decided to go to a paid version of mod security rules this has left low margin web hosts and a bit out in the cold.
0 kommentar(er)
