Differences

This shows you the differences between two versions of the page.

--- litespeed_wiki:waf:comodo [2017/09/05 17:57]
Lisa Clarke
+++ litespeed_wiki:waf:comodo [2018/05/16 19:37]
Eric Leu [Verify Comodo]
@@ Line 1: / Line 1: @@
 ====== How to Setup Comodo on LiteSpeed Web Server with cPanel======
 [[https://waf.comodo.com/ | Comodo ]] is a Mod_Security rule set created by the Comodo Team. It provides real time protection for web apps running on the LiteSpeed Web Server. Its functions include:
-  * Protect sensitive customer data
+  * Protecting sensitive customer data
-  * Meet PCI compliance requirements
+  * Meeting PCI compliance requirements
-  * Block unauthorized access
+  * Blocking unauthorized access
-  * Prevent SQL injection and Cross Site Scripting (XSS) attacks
+  * Preventing SQL injection and Cross Site Scripting (XSS) attacks
 ===== Install Comodo =====
@@ Line 20: / Line 20: @@
 ===== Verify Comodo =====
-  - After setting up Comodo, you may need to restart LiteSpeed Web Server
+====Method 1====
   - To check CWAF for protection, send the request as shown below: <code>http://$server_domain/?a=b AND 1=1</code> The server will respond with a 403 status code \\ {{:litespeed_wiki:waf:comodo-5.png?500|}}
+====Method 2: Command injection attack====
+  - Create a delete.php file with following codes \\ <code>
+<?php
+print("Please specify the name of the file to delete");
+print("<p>");
+$file=$_GET['filename'];
+system("rm $file");
+?>
+</code>
+  - Create a dummy file \\ <code>touch bob.txt</code>
+  - Open <code> http://$server_domain/delete.php?filename=bob.txt;id </code>
+If WAF works, you will get a 403 forbidden page
 ===== Uninstall Comodo =====