• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question ModSecurity with Comodo; Where report false-positive?

Azurel

Silver Pleskian
Server operating system version
AlmaLinux 8.8 (Sapphire Caracal)
Plesk version and microupdate number
18.0.56 #3
In Plesk ModSecurity use Comodo for rules; Does anyone know if and where you can report false-positives to Comodo?

And does anyone know where I can view the pattern for a rule? Is there a general overview? Unfortunately, the modsec_audit.log only contains an excerpt of the pattern.
 
The rule definitions for ModSecurity rule IDs can be found in separate files in the following directories:
- For Comodo: /etc/<apache webserver directory>/modsecurity.d/rules/comodo_free/*.conf
- For Atomic for Linux: /var/asl/rules/modsec/50_plesk_basic_asl_rules.conf
- For Windows: /var/asl/rules/modsec/windows/50_plesk_basic_asl_rules.conf
 
Thank you. The path for me was /etc/httpd/conf/modsecurity.d/rules/comodo_free/

Get this rules any updates? Because all rules are from 2023-03-08 same time.
 
Is Comodo dead or at least that ModSecurity is no longer supported? I haven't found a way to report false-positives yet. Some of the rules, especially with URI parameters, had banned hundreds of visitors in the past, because wrong detection.
 
Back
Top