Web Applications are the #1 target of internet attacks. That’s why using web application firewalls like ModSecurity can help to reduce the risk of attacks. Today we will show you how to Install Comodo WAF on cPanel servers.
If you combine a perfect software like ModSecurity with the fantastic rule set from Comodo, then you are increasing your Web Application Security almost to the top, saving you time from manually defending against this kind of threats.
What is Comodo WAF?
Comodo WAF is a Mod_Security rule set create by the Comodo Team. It provides real time protection for web apps running on the three most common Web Servers (Apache, Nginx and LiteSpeed).
CWAF integrates perfectly with ModSecurity rules, and provides a full suite for web app security and intrusion protection.
Some of its features:
- Protects sensitive data from your customers, like login and password protected areas.
- Can help to meet PCI compliance requirements easily.
- Prevent SQL injection
- Prevent XSS Attacks (Cross Site Scripting)
- Protects against Brute Force Attacks on WordPress, Joomla, Drupal, and many others.
- Rules are categorized, and you can choose to run only the ones you need.
- Frecuent Updates of its core and main database rules.
- It’s free!
Comodo WAF Requirements
This are Comodo WAF requirements for cPanel servers.
- Apache v.2.2 / 2.4.x (Nginx or LiteSpeed too)
- 10 MB of free disk space for ModSec RuleSet
- ModSecurity Installed (you can install by reading this tutorial: ModSecurity cPanel)
Install Comodo WAF on cPanel Step by Step
Follow this steps to install Comodo WAF on cPanel / WHM based servers:
- Open a free Comodo User Account at https://waf.comodo.com/
- Click on Sign UP.
Once you have your username email and password set, proceed to install the free ModSecurity rules from Comodo by running this commands from the terminal as root:
cd /root/temp wget https://waf.comodo.com/cpanel/cwaf_client_install.sh sh cwaf_client_install.sh
Let’s see how the new configuration looks like, output example:
email@example.com [~]# cat /usr/local/apache/conf/modsec2.conf LoadFile /opt/xml2/lib/libxml2.so # LoadFile /opt/lua/lib/liblua.so <IfModule !mod_security2.c> LoadModule security2_module modules/mod_security2.so </IfModule> <IfModule mod_security2.c> <IfModule mod_ruid2.c> SecAuditLogStorageDir /usr/local/apache/logs/modsec_audit SecAuditLogType Concurrent </IfModule> <IfModule itk.c> SecAuditLogStorageDir /usr/local/apache/logs/modsec_audit SecAuditLogType Concurrent </IfModule> SecServerSignature "Protected by COMODO WAF" SecRuleEngine On SecAuditEngine RelevantOnly SecAuditLog /usr/local/apache/logs/modsec_audit.log SecDebugLog /usr/local/apache/logs/modsec_debug.log SecAuditLogType Serial SecDebugLogLevel 0 SecRequestBodyAccess On SecDataDir /tmp SecTmpDir /tmp SecPcreMatchLimit 250000 SecPcreMatchLimitRecursion 250000 Include "/var/cpanel/cwaf/etc/cwaf.conf" </IfModule> firstname.lastname@example.org [~]#
That’s all, the Free ModSecurity Comodo WAF is installed in your cPanel server.
Configuring Comodo WAF from WHM Control Panel
Now let’s take a look on how to configure your COMODO WAF rules.
- Login to WHM control panel.
- Search for Comodo WAF on the left menu.
You will see the main Comodo WAF Plugin Dashboard. It looks like this:
From there you will see many tabs, options and information.
You will notice it shows Apache version, rules version, as well as CWAF plugin version, # of websites, and also where your mod_security configuration is located.
Let’s move to Configure your WAF settings.
Click on ‘Configuration’ tab.
From there you will be able to configure your update credentials, update frequency, and a few minor details.
You will also be able to configure your WAF debug level, and see the configured values for log directory path and debug log file name.
There is also an option to create a backup of your current configuration.
Now click on ‘Protection Wizard’ tab.
This will launch your WAF configuration wizard, that will help you to choose the best rules for your needs.
In my case, I don’t host any Ruby on Rail, Coldfusion or ZeroCMS apps, that’s why I chosen to disable that kind of protections.
After you choose all your protection levels, you can apply the changes.
You will find very interesting things to configure, such as Global Protection, Prevent Information Reveal, SQL Protection, PHP Protection, Bruteforce Protection (specially useful for WordPress and Joomla websites), as well as Cross Site Scripting protection rules.
Once you finished your protection tree configuration, click on ‘Apply changes’ as you see below:
Now move to ‘Catalog’ tab
From this place you will be able to choose what rules apply to what domains, you will be also able to activate or deactivate your rules per domain, or per category. It’s really helpful.
Switch to ‘Security Engine’ tab
On this screen you will find many security related configurations.
You will be able to see details about your audit log, audit log storage, debug log location, debug level, tmp dir, data dir, as well as PCRE Match Limit and PCRE Match Recursion.
One of the most important things you will find on this tab is the ability to Disable Comodo WAF per domains. This can de done by clicking in the right button called ‘Disable domains’ as you see in the image below:
A popup will appear with your current domains, you just need to click your domain, and then click on ‘Disable’ button, after that, click on ‘Apply changes’ button.
This are general tips to tweak your Comodo WAF configuration, but take the time and make sure you explore the entire options, as it’s a really complete WAF management solution for shared hosting control panels.
Uninstalling Comodo WAF
Comodo WAF on cPanel will be installed on the following locations:
Uninstalling Comodo WAF must be done by a root system administrator.
To uninstall CWAF for cPanel just run this script:
You will be prompted:
Do you want to remove Comodo WAF application from cPanel?
Enter answer [y/n] y
That’s all, Comodo WAF shoulbe be gone after that.
After following this guide, the task of install Comodo WAF on cPanel should be pretty much easy with our step by step tutorial.
Comodo WAF brings one of the best mod-security rule sets we’ve ever seen. It has a very low false positive report, and includes a very good way to customize rules, as well as activating and deactivating the rules per domain or globally.