• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Question ModSecurity with Comodo; Where report false-positive?

Azurel

Azurel

Silver Pleskian
Server operating system version
AlmaLinux 8.8 (Sapphire Caracal)
Plesk version and microupdate number
18.0.56 #3
In Plesk ModSecurity use Comodo for rules; Does anyone know if and where you can report false-positives to Comodo?

And does anyone know where I can view the pattern for a rule? Is there a general overview? Unfortunately, the modsec_audit.log only contains an excerpt of the pattern.
 
The rule definitions for ModSecurity rule IDs can be found in separate files in the following directories:
- For Comodo: /etc/<apache webserver directory>/modsecurity.d/rules/comodo_free/*.conf
- For Atomic for Linux: /var/asl/rules/modsec/50_plesk_basic_asl_rules.conf
- For Windows: /var/asl/rules/modsec/windows/50_plesk_basic_asl_rules.conf
 
Thank you. The path for me was /etc/httpd/conf/modsecurity.d/rules/comodo_free/

Get this rules any updates? Because all rules are from 2023-03-08 same time.
 
Is Comodo dead or at least that ModSecurity is no longer supported? I haven't found a way to report false-positives yet. Some of the rules, especially with URI parameters, had banned hundreds of visitors in the past, because wrong detection.
 
You must log in or register to reply here.

Similar threads

S
Question ModSecurity Comodo no rule update for weeks?
Replies
5
Views
973
Ehud
Ehud
G
Issue Database Malware or False Positive?
Replies
2
Views
388
Gene Steinberg
G
K
Resolved ModSecurity: Is it now possible to switch from Comodo ruleset to Atomic on Ubuntu 18 server?
Replies
1
Views
581
King555
K
E
Resolved NGinx deny rules and Firewall (iptables?)
Replies
4
Views
1K
epertinez
E
michaeljoseph01
Question Imunify360 or fail2ban PLEASE give me your input
Replies
6
Views
2K
The 8th
The 8th
Back
Top