Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
litespeed_wiki:waf:comodo [2018/05/16 19:37]
Eric Leu [Verify Comodo]
litespeed_wiki:waf:comodo [2018/11/08 20:57] (current)
Jackson Zhang [Uninstall Comodo]
Line 6: Line 6:
   * Preventing SQL injection and Cross Site Scripting (XSS) attacks   * Preventing SQL injection and Cross Site Scripting (XSS) attacks
  
-===== Install Comodo =====+===== Deploy Comodo ModSecurity Rule Set in cPanel ===== 
 +There are two ways to install comodo modsecurity rule set in cpanel, through cpanel mod_security vendor manager or through comodo cpanel plugin.  
 + 
 +==== Method 1: Install Comodo ​rule set through cpanel mod_security vendor manager ​==== 
 + 
 +Log into WHM -> Security Center -> ModSecurity Vendor -> Add vendor: 
 +{{ :​litespeed_wiki:​waf:​cpanel-modsecurity-addvendor.png?​600 |}} 
 + 
 +Vendor Configuration URL For Comodo ModSecurity LiteSpeed Rule Set is 
 +  https://​waf.comodo.com/​doc/​meta_comodo_litespeed.yaml 
 +{{ :​litespeed_wiki:​waf:​cpanel-modsecurity-addvendor-loadurl.png?​600 |}} 
 + 
 +click "​load",​ then the vendor details will be fetched and automatically filled in the fields. Then "​save"​. 
 +You can also check the [[https://​help.comodo.com/​topic-212-1-670-8350-.html|instructions]] from Comodo directly. ​  
 + 
 +==== Method 2: Install Comodo rule set through Comodo plugin  ​====
   - Sign up for a Comodo user account [[https://​waf.comodo.com/​|here]]\\   - Sign up for a Comodo user account [[https://​waf.comodo.com/​|here]]\\
   - Install CWAF script \\ <​code>​ wget https://​waf.comodo.com/​cpanel/​cwaf_client_install.sh   - Install CWAF script \\ <​code>​ wget https://​waf.comodo.com/​cpanel/​cwaf_client_install.sh
Line 12: Line 27:
   - Follow the step-by-step prompts. The installation will detect which web server is running (Apache, LiteSpeed or Nginx) \\ {{:​litespeed_wiki:​waf:​comodo-1.png?​500|}}   - Follow the step-by-step prompts. The installation will detect which web server is running (Apache, LiteSpeed or Nginx) \\ {{:​litespeed_wiki:​waf:​comodo-1.png?​500|}}
  
-===== Configuring Comodo ​=====+ Configuring Comodo ​
   - Login to the WHM control panel, search for ''​comodo''​ from the search bar. You will see the main Comodo WAF plugin dashboard   - Login to the WHM control panel, search for ''​comodo''​ from the search bar. You will see the main Comodo WAF plugin dashboard
   - Click on the **Configuration** tab and update your CWAF credentials   - Click on the **Configuration** tab and update your CWAF credentials
Line 23: Line 38:
   - To check CWAF for protection, send the request as shown below: <​code>​http://​$server_domain/?​a=b AND 1=1</​code>​ The server will respond with a 403 status code \\ {{:​litespeed_wiki:​waf:​comodo-5.png?​500|}}   - To check CWAF for protection, send the request as shown below: <​code>​http://​$server_domain/?​a=b AND 1=1</​code>​ The server will respond with a 403 status code \\ {{:​litespeed_wiki:​waf:​comodo-5.png?​500|}}
  
-====Method 2: Command injection attack==== +====Method 2 ==== 
-  - Create ​delete.php file with following codes \\ <​code>​ +You can check that CWAF works properly by sending ​GET or POST request parameter ''​cwaf_test_request=a12875a9e62e1ecbcd1dded1879ab06949566276''​ 
-<?php + 
-print("​Please specify the name of the file to delete"​);​ +Like this: 
-print("<​p>"​);​ + 
-$file=$_GET['filename']; +  http://​$server_domain/?​cwaf_test_request=a12875a9e62e1ecbcd1dded1879ab06949566276 
-system("​rm $file"​);​ + 
-?> +If the web server returns ​a 403 Forbidden status, then CWAF works fine. 
-</​code>​ +
-  - Create a dummy file \\ <​code>​touch bob.txt</​code>​ +
-  ​- Open <​code> ​http://​$server_domain/​delete.php?filename=bob.txt;id </​code>​ +
-If WAF works, you will get a 403 forbidden page+
  
 ===== Uninstall Comodo ===== ===== Uninstall Comodo =====
 +
 +You can uninstall comodo rule sets through the same way as you installed them. 
 +
 +==== Through cpanel ModSecurity™ Vendors manager ====
 +If you install comodo rules set through cpanel ModSecurity™ Vendors manager, you can simple to there and click "​delete"​.
 +{{ :​litespeed_wiki:​waf:​cpanel-modsecurity-delete-ruleset.png?​600 |}}
 +
 +==== Through comodo cpanel plugin if installed via it ====
   - Run the uninstall script <​code>​cd /​var/​cpanel/​cwaf   - Run the uninstall script <​code>​cd /​var/​cpanel/​cwaf
 bash /​var/​cpanel/​cwaf/​scripts/​uninstall_cwaf.sh</​code>​ bash /​var/​cpanel/​cwaf/​scripts/​uninstall_cwaf.sh</​code>​
 
litespeed_wiki/waf/comodo.1526499465.txt.gz · Last modified: 2018/05/16 19:37 by Eric Leu