Comodo Rules resetting to old rules after reboot

rexor · July 21, 2021, 4:09pm

Hi,

I’ve been using Cyberpanel for a while and it’s been pretty good so far, but I’m running into a big problem now that I’m doing a proper set up. I’m not new to Linux by any means and this is a pretty fresh install of CP.

I’m trying to use Comodo rules but, as documented, the stock rules provided with CP are from 2018 and not particularly secure anymore. I’ve found and followed the very simple tutorial for updating the rules here:

and was able to get everything set up as they describe. When I went to the rules via the CP GUI I can see the new rules listed (they have different IDs and there are more than the old ones so it’s easy to tell which is which) and everything is permissioned/owned as it should.

Here’s where the problem comes in. I have a WordPress site with a contact form. When I send the contact, the site just spins and eventually times out without sending the message. When I go to the Error Logs in CP I am able to see that this contact form is triggering a modsec rule, saying the content type, multipart/form-data, is not allowed and should be whitelisted in userdata_wl_content_type.

Ok, I edit userdata_wl_content_type to add the content I need but surprisingly, multipart/form-data is already whitelisted by default. I doublecheck conf files, make sure paths are correct, triple check permissions/owners/groups but they are all as they should be. I reboot the server just to see if that helps, but the contact form still will not send, just timing out. So then I turn off Comodo rules entirely and try to send the message. The contact form still spins and times out, but now there’s no log entries in the Error Log.

I go back to try and turn off individual rules and that’s when I discover that as of the reboot, the rules have reverted back to the 2018 rules that came installed with CP. As of this morning I have run through the process of replacing the old rules with the new updated rules 4 times and have confirmed that:

#1 the rules do not work when updated (they do not honor the directives I’ve given them and cannot be configured in any way)
#2 they keep reverting to the old rules

So why are the rules being reverted to the insecure default Comodo rules, and how? What mechanism is overwriting entire directories of files, rewriting conf files, and undoing the work that I have su-done?

rexor · July 21, 2021, 4:13pm

Oh, and the old rules are working, in their way. When I test the rules and go to mydomain/?a=b AND 1=1 I get a 403 error page.

usmannasir1 · July 22, 2021, 7:27am

You can upgrade to v2.1-1usman branch and use the latest updated OWASP rules. I’ve removed comodo rules from CyberPanel as I’ve been told that even though rules are free Comodo team does not allow to distribute them.

rexor · July 25, 2021, 4:48am

Sorry for the delay, but thank you! I will do that now.

Kais · November 8, 2021, 5:26pm

Is it possible to stii use comodo rulez? Not allow to distribute them in a product like cyberpanel is on part, but using it in the free version is another thing i believe.

So it would be nice if theres a solution to upload this rulez in the

/firewall/modSecRulesPacks

panel page…

Kais · November 8, 2021, 5:27pm

Using OWASP out of the bix breaks my nextcloud installation

usmannasir1 · November 9, 2021, 10:38am

You need to find out which rule file is conflicting and then turn of that specific rule file.