Question ModSecurity with Comodo; Where report false-positive?

[Azurel]

Server operating system version

AlmaLinux 8.8 (Sapphire Caracal)

Plesk version and microupdate number

18.0.56 #3

In Plesk ModSecurity use Comodo for rules; Does anyone know if and where you can report false-positives to Comodo?

And does anyone know where I can view the pattern for a rule? Is there a general overview? Unfortunately, the modsec_audit.log only contains an excerpt of the pattern.

 

[Peter Debik]

The rule definitions for ModSecurity rule IDs can be found in separate files in the following directories:
- For Comodo: /etc/<apache webserver directory>/modsecurity.d/rules/comodo_free/*.conf
- For Atomic for Linux: /var/asl/rules/modsec/50_plesk_basic_asl_rules.conf
- For Windows: /var/asl/rules/modsec/windows/50_plesk_basic_asl_rules.conf

 

[Azurel]

Thank you. The path for me was /etc/httpd/conf/modsecurity.d/rules/comodo_free/

Get this rules any updates? Because all rules are from 2023-03-08 same time.

 

[Peter Debik]

As far as I now updates are rare. They will be implemented when they are available.

 

[Azurel]

Is Comodo dead or at least that ModSecurity is no longer supported? I haven't found a way to report false-positives yet. Some of the rules, especially with URI parameters, had banned hundreds of visitors in the past, because wrong detection.