

How to Set Up Comodo on Standalone LiteSpeed Web Server

Comodo is a Mod_Security rule set created by the Comodo Team. It provides real-time protection for web apps running on LiteSpeed Web Server. Its functions include:

  • Protecting sensitive customer data
  • Meeting PCI compliance requirements
  • Blocking unauthorized access
  • Preventing SQL injection and Cross Site Scripting (XSS) attacks

We first need to download the Comodo rules that are compatible with LiteSpeed.

cd /usr/local/lsws/conf
wget https://waf.comodo.com/api/cpanel_litespeed_vendor
unzip cpanel_litespeed_vendor
cd comodo_litespeed/
mv rules.conf.main rules.conf

These commands download the Comodo LiteSpeed rules, extract them, and rename rules.conf.main to rules.conf. This is the file we will reference in the WebAdmin console.

Navigate to Configurations » Server » Security » WAF Rule Set

Click Add to create a WAF Rule Set with the following settings:

  • Name: Comodo Litespeed
  • Action: None
  • Enabled: Yes
  • Rules Definition: Include $SERVER_ROOT/conf/comodo_litespeed/rules.conf

Click Save to activate the rules.

Next, navigate to Configurations » Server » Security » Web Application Firewall (WAF) and set:

  • Enable WAF: Yes
  • Log Level: 0
  • Default Action: deny,log,status:403
  • Scan Request Body: Yes (if set to 'Yes', POST request bodies are scanned)
  • Temporary File Path: /tmp
  • Disable .htaccess Override: Not Set
  • Enable Security Audit Log: Not Set
  • Security Audit Log: $SERVER_ROOT/logs/security_audit.log

Click Save to enable the firewall, then perform a Graceful Restart.

  1. After setting up Comodo, you may need to restart LiteSpeed Web Server.
  2. To check that CWAF is protecting the server, send the request shown below:
    http://$server_domain/?a=b AND 1=1

    The server will respond with a 403 status code.
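
The check in step 2 can be scripted so that a 403 from the rule set is told apart from a server that answers 403 to every request. This is an added example, not part of the original page; it assumes curl is installed, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: confirm the Comodo rules are blocking the test request.
# Assumption: a plain GET on / normally returns something other than 403.

PROBE='a=b AND 1=1'   # test parameter taken from the page

# fetch_status URL [curl options...]
# Prints the HTTP status code; curl prints 000 if the connection fails.
fetch_status() {
    url=$1; shift
    curl -s -o /dev/null -w '%{http_code}' --max-time 10 "$@" "$url" || :
}

# verdict BASELINE_STATUS PROBE_STATUS
# Returns 0 only when the probe was denied and the baseline was not.
verdict() {
    case "$1:$2" in
        000:*|*:000) echo "unreachable"; return 2 ;;
        403:403)     echo "inconclusive: baseline is also 403"; return 3 ;;
        *:403)       echo "blocked"; return 0 ;;
        *)           echo "not blocked (probe returned $2)"; return 1 ;;
    esac
}

# check_waf BASE_URL   e.g. check_waf http://www.example.com
check_waf() {
    base_status=$(fetch_status "$1/")
    # -G turns the data into a query string; --data-urlencode escapes the
    # spaces and '=' in the value so the request is well-formed.
    probe_status=$(fetch_status "$1/" -G --data-urlencode "$PROBE")
    verdict "$base_status" "$probe_status"
}

# Run only when a base URL is given on the command line.
if [ $# -gt 0 ]; then
    check_waf "$1"
fi
```

Run it after the Graceful Restart against your own server. A "not blocked" result usually means the rule set is not enabled or the Include path is wrong.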

  • Last modified: 2017/09/12 18:23
  • by Lisa Clarke