• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue modsecurity_ctl failed: Failed to download comodo_free rule set

A

ahoi

Basic Pleskian
Hello everybody,

on a fresh Debian 10.9 setup with Plesk I am unable to install mod_security with free Comodo ruleset.


I am getting this error:

modsecurity_ctl failed: Failed to download comodo_free rule set
Click to expand...

Logs at /var/log/plesk/install/modsecurity_ctl.log are telling me this:


Code: 
---START modsecurity_ctl


ERROR:root:Error


Traceback (most recent call last):


  File "/usr/lib/plesk-9.0/modsecurity_get_comodo_ruleset/modsecurity_get_comodo_ruleset.py", line 99, in comodo_free


  File "/usr/lib/plesk-9.0/modsecurity_get_comodo_ruleset/modsecurity_get_comodo_ruleset.py", line 72, in get_vendor_ruleset


  File "/usr/lib/python2.7/dist-packages/yaml/__init__.py", line 71, in load


    return loader.get_single_data()


  File "/usr/lib/python2.7/dist-packages/yaml/constructor.py", line 37, in get_single_data


    node = self.get_single_node()


  File "/usr/lib/python2.7/dist-packages/yaml/composer.py", line 36, in get_single_node


    document = self.compose_document()


  File "/usr/lib/python2.7/dist-packages/yaml/composer.py", line 58, in compose_document


    self.get_event()


  File "/usr/lib/python2.7/dist-packages/yaml/parser.py", line 118, in get_event


    self.current_event = self.state()


  File "/usr/lib/python2.7/dist-packages/yaml/parser.py", line 193, in parse_document_end


    token = self.peek_token()


  File "/usr/lib/python2.7/dist-packages/yaml/scanner.py", line 128, in peek_token


    self.fetch_more_tokens()


  File "/usr/lib/python2.7/dist-packages/yaml/scanner.py", line 220, in fetch_more_tokens


    return self.fetch_value()


  File "/usr/lib/python2.7/dist-packages/yaml/scanner.py", line 576, in fetch_value


    self.get_mark())


ScannerError: mapping values are not allowed here


  in "<string>", line 39, column 26:


                'allowLinker': true


                             ^


active


STOP modsecurity_ctl

Anyone facing the same problem or having a solution for this?
 
ahoi said:
Hello everybody,

on a fresh Debian 10.9 setup with Plesk I am unable to install mod_security with free Comodo ruleset.


I am getting this error:



Logs at /var/log/plesk/install/modsecurity_ctl.log are telling me this:


Code: 
---START modsecurity_ctl


ERROR:root:Error


Traceback (most recent call last):


  File "/usr/lib/plesk-9.0/modsecurity_get_comodo_ruleset/modsecurity_get_comodo_ruleset.py", line 99, in comodo_free


  File "/usr/lib/plesk-9.0/modsecurity_get_comodo_ruleset/modsecurity_get_comodo_ruleset.py", line 72, in get_vendor_ruleset


  File "/usr/lib/python2.7/dist-packages/yaml/__init__.py", line 71, in load


    return loader.get_single_data()


  File "/usr/lib/python2.7/dist-packages/yaml/constructor.py", line 37, in get_single_data


    node = self.get_single_node()


  File "/usr/lib/python2.7/dist-packages/yaml/composer.py", line 36, in get_single_node


    document = self.compose_document()


  File "/usr/lib/python2.7/dist-packages/yaml/composer.py", line 58, in compose_document


    self.get_event()


  File "/usr/lib/python2.7/dist-packages/yaml/parser.py", line 118, in get_event


    self.current_event = self.state()


  File "/usr/lib/python2.7/dist-packages/yaml/parser.py", line 193, in parse_document_end


    token = self.peek_token()


  File "/usr/lib/python2.7/dist-packages/yaml/scanner.py", line 128, in peek_token


    self.fetch_more_tokens()


  File "/usr/lib/python2.7/dist-packages/yaml/scanner.py", line 220, in fetch_more_tokens


    return self.fetch_value()


  File "/usr/lib/python2.7/dist-packages/yaml/scanner.py", line 576, in fetch_value


    self.get_mark())


ScannerError: mapping values are not allowed here


  in "<string>", line 39, column 26:


                'allowLinker': true


                             ^


active


STOP modsecurity_ctl

Anyone facing the same problem or having a solution for this?
Click to expand...

Hello Ahai,
seems that I'm (or you're) not alone. Below I'll try to be as exactly as possible on what I did. The short version is: I tried to reinstall from scratch as you did and ended up in the same troubles. If I remember right, this problems started about 2 days ago. Thehave no advise anymore.

I just ordered a new virtual server about a week ago, installed Debian 10.9 (an image provided by provider) and Plesk and everything worked w/o any problems. I think it was 2 days ago when i noticed the message on the Plesk-Dashboard telling me the "mod_security" module could not be updated. While looking around I found the message "Failed to download comodo_free rule set". Not being an Liunx expert and thanks for your input where to find this logfile I have to agree that I have the exact same problem.
After some painful trials (ending up in non-responding webservers) I re-installed up from the scratch and the very first thing I already did before was folloing the "Advisor" and clicked "Switch on" at the suggestion telling to "Configure ModSecurity & Fail2ban". This worked fine in my inital installation (the one that was no mor responding in the end), but this time I immediately runt into the problem this thread ist about. May sequence as (the same way I did before troubles started):

1) Re-Install the system using the Debian image from the provider
2) Installed plesk using the "one-click-installer" command line
3) Wait until setup completes and login at the WebUI using the link that the installer told me to use for the first login
4) Open the "Advisor" following it's suggestion to "Configure ModSecurity & Fail2ban" by clicking "Switch On"
-> Two progress bars a appear, the lower tells "The components have been installed and enabled.", topped by another telling "An error occurred while enabling the Comodo ModSecurity (free) rule set. Please try again later."
5) Giving up and Enable WAF manually using the "Atomic Standard" rules set, which seems to have applied successfully (Tools & Utilities -> Web Application Firewall(ModSecuity) )
-> Trying to switch to "Comodo (free)" raises the error message "Failed to download comodo_free rule set".

Hope someone can help. Thanks
Regards, Willy.
 
the issue with Comodo ruleset has been fixed since today (2021-04-20).
also there is an additional fallback scheme has been implemented in Plesk to prevent such cases in the future. It will be available in the newest Obsidian version.
 
Yes, it seems to be fixed - the problem did not occur any more during the last days. IMO the issue can be marked as fixed.
@ahoi Do you agree? It ssems that I have no permission to set the issue to fixed? Maybe it must be done by the initator - i don't know...
 
Nik G said:
the issue with Comodo ruleset has been fixed since today (2021-04-20).
also there is an additional fallback scheme has been implemented in Plesk to prevent such cases in the future. It will be available in the newest Obsidian version.
Click to expand...
Still facing the issue on Ubuntu.
1619520010289.png
 
still not luck. download fails, switching rulesets doesn't help either. I switched to atomic corp free and can't switch back to comodo, since it first checks for an update and because it is not able to download, it fails. :(
 
Pretty old post but I still get this error on my Plesk Obsidian v18.0.60 Debian 10.

Any advices or should I open a new thread for this?
 
I have been getting an error for the last month. I switch to owasp and it paralyzes the site. The site is on a free Cloudflare account, but when I don't use modsecurity, I get ridiculous requests. Does anyone know a solution?
START modsecurity_ctl
STOP modsecurity_ctl
START modsecurity_ctl
STOP modsecurity_ctl
START modsecurity_ctl
ERROR:root:Download error occurred for https://waf.comodo.com/api/da_vendor?file=cwaf_rules_nginx_3-1.236.tgz
Traceback (most recent call last):
File "/usr/lib64/plesk-9.0/modsecurity_get_comodo_ruleset/plesk_atomic.py", line 137, in download
with closing(urllib.request.urlopen(url, timeout=15)) as fin:
File "/usr/lib64/python3.6/urllib/request.py", line 223, in urlopen
return opener.open(url, data, timeout)
File "/usr/lib64/python3.6/urllib/request.py", line 532, in open
response = meth(req, response)
File "/usr/lib64/python3.6/urllib/request.py", line 642, in http_response
'http', request, response, code, msg, hdrs)
File "/usr/lib64/python3.6/urllib/request.py", line 570, in error
return self._call_chain(*args)
File "/usr/lib64/python3.6/urllib/request.py", line 504, in _call_chain
result = func(*args)
File "/usr/lib64/python3.6/urllib/request.py", line 650, in http_error_default
raise HTTPError(req.full_url, code, msg, hdrs, fp)
urllib.error.HTTPError: HTTP Error 500: Internal Server Error

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
File "/usr/lib64/plesk-9.0/modsecurity_get_comodo_ruleset/modsecurity_get_comodo_ruleset.py", line 180, in comodo_free_nginx
File "/usr/lib64/plesk-9.0/modsecurity_get_comodo_ruleset/modsecurity_get_comodo_ruleset.py", line 103, in get_da_vendor_ruleset
File "/usr/lib64/plesk-9.0/modsecurity_get_comodo_ruleset/plesk_atomic.py", line 150, in download
raise URLErrorWrapper(url, e) from e
plesk_atomic.URLErrorWrapper: Error interacting with https://waf.comodo.com/api/da_vendor?file=cwaf_rules_nginx_3-1.236.tgz: HTTP Error 500: Internal Server Error
Failed to download the Comodo rule set. The issue is on side of waf.comodo.com and we will alert them right away. You can also report the issue on the Comodo forum - Web Application Firewall -Free Modsecurity rules . That way you may help to fix the issue sooner. At the moment, please select another available rule set and try to switch to Comodo later.
active
STOP modsecurity_ctl
START modsecurity_ctl
STOP modsecurity_ctl
START modsecurity_ctl
STOP modsecurity_ctl
START modsecurity_ctl
STOP modsecurity_ctl
Click to expand...
 
@ToRnedo @Sebahat.hadzhi @mpudellek @ahoi
Sebahat.hadzhi said:
Hey, @ToRnedo. The issue is on Comodo's side and has already been reported to the Comodo Support Team. We have published a dedicated article on the matter. Unfortunately, apart from OWASP, the only other alternative is to use a custom ruleset.
Click to expand...

This is the articles essential:

Cause​

The resource from which Comodo ruleset is updated - Free ModSecurity Rules from Comodo - is not accessible.

Resolution​

The issue is on Comodo side and has already been reported to Comodo Support Team.
Click to expand...

It seems this article misses a crucial detail.
Comodo now requires a license key, even for free users, which needs to be renewed annually.

How was the ruleset managed before?
Was it simply free to download, or was there some kind of global Plesk license applied?
Now, it seems Comodo has switched to a license key system for everyone.

So, in case a license key is required that is not gobally applied by Plesk, this isn’t about waf.comodo.com being unreachable, but rather a change in how the ruleset is accessed—through individual license keys.
 
Hi All,



As workaround, I'm using a custom rule-set as:



1) Took the original comodo rule files at /etc/nginx/modsecurity.d/rules/comodo_free

2) Copy the files to /etc/nginx/modsecurity.d/rules/custom

3) Activate the custom in plesk admin



However, I see that the files /etc/nginx/modsecurity.d/rules/comodo_free seems to be automatic updated in spite of "modsecurity_ctl failed: Failed to download the Comodo rule set. The issue is on side of waf.comodo.com and we will alert them right away." message.

Is there other solution to get this issue solved?
 
You must log in or register to reply here.

Similar threads

B
Issue Web Application Firewall - Can't change to "Comodo (free)" [modsecurity_ctl: failed]?
Replies
3
Views
2K
IgorG
IgorG
Azurel
Forwarded to devs Error: Failed to update the ModSecurity rule set.
Replies
6
Views
2K
Azurel
Azurel
S
Issue Upgrading 12.5.30 to 17.8.11 fails on plesk-repair-kit@noarch
Replies
1
Views
1K
IgorG
IgorG
S
Backup Manager xmlSchemaParse() failed
Replies
3
Views
1K
Szabolcs Hegyi
S
Back
Top