Comodo Rules resetting to old rules after reboot — CyberPanel - WebHosting Control Panel for OpenLiteSpeed

Comodo Rules resetting to old rules after reboot

Hi,

I've been using CyberPanel for a while and it's been pretty good so far, but I'm running into a big problem now that I'm doing a proper setup. I'm not new to Linux by any means and this is a pretty fresh install of CP.

I'm trying to use Comodo rules but, as documented, the stock rules provided with CP are from 2018 and not particularly secure anymore. I've found and followed the very simple tutorial for updating the rules here:

https://forums.cyberpanel.net/discussion/4678/tutorial-how-to-manually-update-comodo-modsecurity-rules-for-cyberpanel

and was able to get everything set up as they describe. When I went to the rules via the CP GUI I can see the new rules listed (they have different IDs and there are more than the old ones so it's easy to tell which is which) and everything is permissioned/owned as it should.

Here's where the problem comes in. I have a WordPress site with a contact form. When I send the contact, the site just spins and eventually times out without sending the message. When I go to the Error Logs in CP I am able to see that this contact form is triggering a modsec rule, saying the content type, multipart/form-data, is not allowed and should be whitelisted in userdata_wl_content_type.

OK, I edit userdata_wl_content_type to add the content I need but surprisingly, multipart/form-data is already whitelisted by default. I double-check conf files, make sure paths are correct, triple-check permissions/owners/groups but they are all as they should be. I reboot the server just to see if that helps, but the contact form still will not send, just timing out. So then I turn off Comodo rules entirely and try to send the message. The contact form still spins and times out, but now there are no log entries in the Error Log.

I go back to try and turn off individual rules and that's when I discover that as of the reboot, the rules have reverted back to the 2018 rules that came installed with CP. As of this morning I have run through the process of replacing the old rules with the new updated rules 4 times and have confirmed that:

#1 the rules do not work when updated (they do not honor the directives I've given them and cannot be configured in any way)
#2 they keep reverting to the old rules

So why are the rules being reverted to the insecure default Comodo rules, and how? What mechanism is overwriting entire directories of files, rewriting conf files, and undoing the work that I have su-done?

Comments

  • Oh, and the old rules are working, in their way. When I test the rules and go to mydomain/?a=b AND 1=1 I get a 403 error page.
  • You can upgrade to the v2.1-1usman branch and use the latest updated OWASP rules. I've removed Comodo rules from CyberPanel as I've been told that even though the rules are free, the Comodo team does not allow distributing them.
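
One way to pin down exactly which rule files are rewritten across a reboot, as an added example that is not from the thread or from CyberPanel: record a SHA-256 manifest of the rule directory after updating, then compare after the reboot. The rule directory and manifest paths are supplied by the caller (no CyberPanel path is assumed), and GNU coreutils/findutils are assumed.

```shell
#!/bin/sh
# Added example: baseline a ModSecurity rule directory and report what changed.
# Usage (paths are placeholders chosen by the operator):
#   sh rulewatch.sh snapshot <rules-dir> > /root/rules.manifest   # after updating rules
#   sh rulewatch.sh check    <rules-dir> /root/rules.manifest     # after the reboot
# Keep the manifest outside the rule directory so it is not hashed itself.

# snapshot_rules DIR: print "sha256  ./relative/path" for every file under DIR.
snapshot_rules() (
    cd "$1" || exit 1
    find . -type f -print0 | LC_ALL=C sort -z | xargs -0 -r sha256sum
)

# changed_rules DIR MANIFEST: print one line per difference since the snapshot:
#   ADDED <path>     file exists now but was not in the manifest
#   MISSING <path>   file was in the manifest but is gone
#   MODIFIED <path>  file exists in both but its hash differs
# Prints nothing when the directory still matches the manifest.
changed_rules() (
    current=$(mktemp) || exit 1
    snapshot_rules "$1" > "$current" || { rm -f "$current"; exit 1; }
    # sha256sum lines are 64 hex chars, two spaces, then the path (column 67 on).
    # File names containing backslashes or newlines are not handled here.
    awk '
        FILENAME == ARGV[1] { old[substr($0, 67)] = $1; next }
        {
            p = substr($0, 67); seen[p] = 1
            if (!(p in old))       print "ADDED " p
            else if (old[p] != $1) print "MODIFIED " p
        }
        END { for (p in old) if (!(p in seen)) print "MISSING " p }
    ' "$2" "$current" | LC_ALL=C sort
    rm -f "$current"
)

case "${1:-}" in
    snapshot) snapshot_rules "$2" ;;
    check)    changed_rules "$2" "$3" ;;
esac
```

Comparing the modification times of the files reported as MODIFIED or ADDED with the boot time narrows down whether a boot-time service or a later job rewrote them.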