• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved Issue installing modsecurity

Winnstorm

Winnstorm

Basic Pleskian
Hello,
I'm facing an issue with modsecurity, actually one website is facing a false-positive for comodo waf rules:
[file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "38"] [id "214940"]
[file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/15_Outgoing_FilterASP.conf"] [line "14"] [id "214450"]

I've switched off, disabled, almost anything related to WAF domain configuration and nothing happened. So I tried to swap the WAF from Comodo default to Atomic free, and then the same issue is happening on the log (after the change) but now the rules are not working and also I cannot revert back to comodo since when I change from the WAF config I receive the following error:

Failed to install the ModSecurity rule set: modsecurity_ctl failed: ERROR:root:Error Traceback (most recent call last): File "/usr/lib64/plesk-9.0/modsecurity_get_vendor_ruleset/modsecurity_get_vendor_ruleset.py", line 53, in main File "/usr/lib64/plesk-9.0/modsecurity_get_vendor_ruleset/modsecurity_get_vendor_ruleset.py", line 35, in get_vendor_ruleset File "/usr/lib64/plesk-9.0/modsecurity_get_vendor_ruleset/plesk_atomic.py", line 105, in download with closing(urllib2.urlopen(url, timeout=15)) as fin: File "/usr/lib64/python2.7/urllib2.py", line 154, in urlopen return opener.open(url, data, timeout) File "/usr/lib64/python2.7/urllib2.py", line 431, in open response = self._open(req, data) File "/usr/lib64/python2.7/urllib2.py", line 449, in _open '_open', req) File "/usr/lib64/python2.7/urllib2.py", line 409, in _call_chain result = func(*args) File "/usr/lib64/python2.7/urllib2.py", line 1258, in https_open context=self._context, check_hostname=self._check_hostname) File "/usr/lib64/python2.7/urllib2.py", line 1214, in do_open raise URLError(err) URLErrorWrapper: Error interacting with https://waf.comodo.com/doc/meta_comodo_apache.yaml: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)> Unable to download comodo_free rule set

Any help will be appreciated :)

Thanks
best regards
 
Try to fix it with following steps:
  1. Back up the /usr/lib/ssl/certs directory:
    # mv /usr/lib/ssl/certs{,.backup}
  2. Create a symlink in /usr/lib/ssl/certs pointing to /etc/ssl/certs/ directory:
    # ln -s /etc/ssl/certs /usr/lib/ssl/certs
 
IgorG said:
Try to fix it with following steps:
  1. Back up the /usr/lib/ssl/certs directory:
    # mv /usr/lib/ssl/certs{,.backup}
  2. Create a symlink in /usr/lib/ssl/certs pointing to /etc/ssl/certs/ directory:
    # ln -s /etc/ssl/certs /usr/lib/ssl/certs
Click to expand...

thanks for your answer!!

I tried the commands but it seems that the folder is non existant on my current centos installation:

mv: cannot stat ‘/usr/lib/ssl/certs’: No such file or directory

EDIT: Created the dir on usr but after creating the simlink the issue still persist, same error on plesk panel after changing for comodo waf.
 
Last edited:
Another question is, related to atomic basic set (the free option):

On security tags there is blank (no object) to activate or deactivate. Is this correct??? Why I can only see these objects on comodo??
1591109596792.png
 
IgorG said:
Try to fix it with following steps:
  1. Back up the /usr/lib/ssl/certs directory:
    # mv /usr/lib/ssl/certs{,.backup}
  2. Create a symlink in /usr/lib/ssl/certs pointing to /etc/ssl/certs/ directory:
    # ln -s /etc/ssl/certs /usr/lib/ssl/certs
Click to expand...

This is an issue with the ROOT certificate of waf.comodo.com.

Common name: USERTrust RSA Certification Authority
Organization: The USERTRUST Network
Location: Jersey City, New Jersey, US
Valid from May 30, 2000 to May 30, 2020 !!!
Serial Number: 13ea28705bf4eced0c36630980614336
Signature Algorithm: sha384WithRSAEncryption
Issuer: AddTrust External CA Root
 
expired Sectigo Root Cerificate may need to be removed manually, instructions are os specific, i managed to resolve the issue on centos 7 with following instructions Sectigo Root and Intermediate Certificate Expiry - May 2020 - Red Hat Customer Portal



  • Figure out the expired CA certificate with:

# trust list

  • Create a blacklist file: (filter part need to be copied from above result from the AddTrust External Root part)

# trust dump --filter "pkcs11:id=%AD%BD%98%7A%34%B4%26%F7%FA%C4%26%54%EF%03%BD%E0%24%CB%54%1A;type=cert" > /etc/pki/ca-trust/source/blacklist/addtrust-external-root.p11-kit

  • Update the system trust store:

# update-ca-trust

  • Make sure that the CA is not listed anymore as trusted with:

# trust list
 
You must log in or register to reply here.

Similar threads

S
Issue Need Help Whitelisting GTM Noscript in Comodo WAF Rule 214540 on Plesk
Replies
1
Views
271
alvarezcruz
alvarezcruz
L
Resolved ModSecurity: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/"
Replies
7
Views
9K
loman
L
R
Issue Problem with web application firewall - file extension is restricted by policy
Replies
3
Views
2K
Linulex
Linulex
F
Issue SQLmap attack detected (ID: 218500) on blank page
Replies
5
Views
2K
abdulsemiu
A
F
Issue Issue with modsecurity
Replies
3
Views
10K
payday
P
Back
Top