• Verified the mod_security module is enabled by default in my centos7 using below command. The result is nothing so it means haven’t installed by default.
httpd -M | grep security
  • Performed the installation using below command
yum install mod_security

  • Verified again if its enabled or not using the first command I mentioned.

[[email protected] ~]# httpd -M | grep security

security2_module (shared)

[[email protected] ~]#

Now in order to integrate the Comodo modsec rules in to our server, we need the Comodo Web Application Firewall (CWAF)  installed in our server. It’s a small piece of software that can be installed on our web server to automate the deployment of firewall rule sets and to configure CWAF.

  • Log-in to the web administration console at https://waf.comodo.com/
  • If we haven’t any logins, signup from the same page.
  • At the time of sign up we are placing order for the subscription “COMODO Web Application Firewall” which is having zero price for the period 12Months.  Once we successfully placed the order, we will get an email on our registered email address.
  • Once we have the email, login to https://waf.comodo.com/
  • Ensure that the ‘Rule set version’ tab is open
  • Click the ‘Download latest installer’ link at the top right

  • Run installation script with a root privileges using below command
# bash /root/cwaf_client_install.sh


  • A new installer window will open. Click Enter on first page to confirm the installation

  • At this stage our mod_security module will be identified by this script. Click Enter to proceed.

  • On coming stages install script will check for another webserver types like litespeed, Nginx is available or not and at final state it will identify the webmin installation and ask for if we need to continue or not.

  • Asked permission to install some perl module. Allow the same.

  • Wait some time. We can see the progress in the screen itself.

  • Once completed press Enter key
 
  • Enter CWAF login details.

  • On next stage the install script will ask whether we need to protect our server with default rule set. Confirm the same.
  • At this stage the installation completed and the files are saved in the location /usr/local/cwaf

Normally at this stage the installation will complete and we would be able to access the Comodo WAF from webmin >> servers >> Comodo WAF

But in my case I faced issue and below are they. After installation my webserver Apache got stopped.  Below is the message.

[[email protected] ~]# httpd -M

AH00526: Syntax error on line 1546 of /usr/local/cwaf/rules/29_Apps_WPPlugin.conf:

Error creating rule: Failed to resolve operator: detectSQLi


From comodo forums I understood this is because of  centos7  default repository comes with mod_security-2.7.3. So what I did is installed latest version from atomic repo. In order to do the same first I ran below commands and I got mod_security-2.9.1.

wget -q -O – http://www.atomicorp.com/installers/atomic | sh

yum install mod_security

But I again got syntax errors like below. When I commended the entries at the section “ Rule management is handled by ASL”,I successfully started Apache.

httpd -M

[Wed Oct 12 15:47:59.816458 2016] [so:warn] [pid 860] AH01574: module unique_id_module
is already loaded, skipping

httpd: Syntax error on line 353 of /etc/httpd/conf/httpd.conf: Syntax error on line 14
of /etc/httpd/conf.d/00_mod_security.conf: No matches for the wildcard ‘*asl*.conf’ in
‘/etc/httpd/modsecurity.d’, failing (use IncludeOptional if required)


Still  I have one more issue waiting. On webmin, I am  getting white screen at webmin >> servers >> Comodo WAF area. Again I seek help from comodo forum and I understood this is because at this moment the current virtualmin theme(Virtualmin 5 comes with a brand new HTML 5 theme) I am currently using ( Authentic theme) has some issues with the Comodo WAF plugin. Comodo WAF plugin won’t display with this new theme and you have to switch back to the old one to use it.

But there is work around that’s given in the comodo forum as open file named /usr/libexec/webmin/cwaf/cwaf/tpl/index.html and delete below entry.

type="text/javascript" src="cwaf/js/plugins/jquery-1.11.0.min.js"

This concluded my installation of mod_security and adding comodo WAF rules on my webmin server.