How to Set Up Comodo on LiteSpeed Web Server with cPanel
Comodo is a Mod_Security rule set created by the Comodo Team. It provides real-time protection for web apps running on the LiteSpeed Web Server. Its functions include:
- Protecting sensitive customer data
- Meeting PCI compliance requirements
- Blocking unauthorized access
- Preventing SQL injection and Cross Site Scripting (XSS) attacks
Install Comodo
- Sign up for a Comodo user account here
- Install the CWAF script
wget https://waf.comodo.com/cpanel/cwaf_client_install.sh
sh cwaf_client_install.sh
Configuring Comodo
- Log in to the WHM control panel and search for comodo in the search bar. You will see the main Comodo WAF plugin dashboard
- Click on the Configuration tab and update your CWAF credentials
- Click on the Main tab and update rule versions
Once completed, the current rules version will show the correct Latest version.
Verify Comodo
Method 1
Method 2: Command injection attack
- Create a delete.php file with the following code
<?php
// Deliberately vulnerable test script: the filename parameter reaches the shell unfiltered.
print("Please specify the name of the file to delete");
print("<p>");
$file = $_GET['filename'];
system("rm $file");
?>
- Create a dummy file
touch bob.txt
- Open
http://$server_domain/delete.php?filename=bob.txt;id
If the WAF works, you will get a 403 Forbidden page.
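The Method 2 check can also be scripted so the result is read from the HTTP status code instead of a browser page. This is an added example, not part of the original page or of Comodo's tooling; the function names and the domain argument are assumptions. It requests the two URLs from the steps above and treats a 403 on the plain bob.txt request as inconclusive, since that means something other than the injection rule is blocking.

```shell
#!/bin/sh
# Added example (not from the original page): automates the Method 2 check.
# Usage: sh verify_cwaf.sh <server_domain>   (script name is hypothetical)

# waf_verdict BASELINE_CODE TEST_CODE
#   BASELINE_CODE: HTTP status for delete.php?filename=bob.txt
#   TEST_CODE:     HTTP status for delete.php?filename=bob.txt;id
# Prints a verdict. Returns 0 = blocked, 1 = not blocked, 2 = inconclusive.
waf_verdict() {
    base_code=$1
    test_code=$2
    case "$base_code" in
        200) ;;
        403) echo "inconclusive: baseline request also returned 403"; return 2 ;;
        404) echo "inconclusive: delete.php not found (404)"; return 2 ;;
        000) echo "inconclusive: no HTTP response from server"; return 2 ;;
        *)   echo "inconclusive: unexpected baseline status $base_code"; return 2 ;;
    esac
    if [ "$test_code" = "403" ]; then
        echo "blocked: WAF returned 403 for the test request"
        return 0
    fi
    echo "not blocked: test request returned $test_code"
    return 1
}

# http_status URL: print only the HTTP status code of a GET request.
http_status() {
    curl -s -o /dev/null -w '%{http_code}' --max-time 10 "$1"
}

# Only touch the network when a domain is given on the command line.
if [ -n "${1:-}" ]; then
    url="http://$1/delete.php"
    baseline=$(http_status "$url?filename=bob.txt")
    probe=$(http_status "$url?filename=bob.txt;id")
    rc=0
    waf_verdict "$baseline" "$probe" || rc=$?
    echo "Remove delete.php from the document root when finished."
    exit "$rc"
fi
```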
Uninstall Comodo
- Run the uninstall script
cd /var/cpanel/cwaf
bash /var/cpanel/cwaf/scripts/uninstall_cwaf.sh
- Answer
y
Once completed, Comodo WAF will be gone.