Comodo Master ModSecurity Breaks Site

[Avid1]

I have configured OLS to use Comodo Master ModSecurity as per the instructions in the KB. When I activate the comodo mod_security rules using "rules.conf" in the module parameters area and activate, the site breaks.

In the main server admin dashboard, all the Listeners and Virtual Hosts .. display with red "broken link" indicators. Obviously I've done something icorrectly.

I did note that the comodo files when tarred /expanded have ownership assigned as USER "1011" and GROUP "users". I'm wondering if this is a file ownership/permissions issue and if so what user:group settings should be .. (lsadm:lsadm) (www-data:www-data) ? for the files in usr/local/lsws/modsec/comodo

OpenLiteSpeed 1.7.16
Ubuntu 22.04
Running on AWS T2.micro - built from AWS OLS Marketplace AMI

 

[Cold-Egg]

I think you could try root:root or lsadm:lsadm, if both not working, please raise a ticket to support@litespeedtech.com for further help.

 

[Avid1]

I tried changing the ownership of /usr/local/lsws/modsec/comodo to both lsadm:lsadm, as well as, root:root - but - neither of these resolved the issue. I still have the red broken link indicators for listeners and virtual hosts.

I will raise a support ticket.

 

[Avid1]

I just noticed that the rule for using Comodo Master ModSecurity (rules.conf) seems to truncate the closing bracket when entered into the Admin "Module Parameters" section under the Modules tab.

According to the KB doc, there is clearly a closing bracket when copying the rule file
But when I copy that script and input it into the Admin "Module Parameters" field, then "SAVE", the closing bracket disappears - I can re-edit and put the bracket back in, but again the bracket disappears on SAVE.



I don't know if this is merely a display issue, or if that bracket is actually stripped out. If it is stripped out, then perhaps that is the reason for the error.

When the mod_security module is enabled, all listeners and virtual hosts break.

 

[Cold-Egg]

HI, I saw the reason.

The guide is for the users who prefer the command line way, you can edit OpenliteSpeed’s conf file directly from the command line and append the following content to httpd_config.conf. You may combine rules, or list them out over multiple lines.

But if you prefer to input the code from web admin, please get ride of the "module {", e.g.

modsecurity  on
modsecurity_rules `
SecRuleEngine On
`
modsecurity_rules_file /usr/local/lsws/modsec/comodo/rules.conf

instead of

module mod_security {
modsecurity  on
modsecurity_rules `
SecRuleEngine On
`
modsecurity_rules_file /usr/local/lsws/modsec/comodo/rules.conf
}

The "module mod_security {" one is when you check from the httpd_config.conf via SSH.

 

[Avid1]

Thanks very much for the help, Cold-Egg!

I made the changes you suggested and everything works now.

 

[stephenfeather]

I know this was answered back in November, wanted to add a similar 'typo' scenario.

The little tic to close the modsecurity_rules block can disappear easily enough and you get a non-descript error in your server log:

modsecurity_rules_file /usr/local/lsws/modsec/comodo/rules.conf failed, ret -1, reason: 'Rules error. File: <<reference missing or not informed>>. Line: 3. Column: 64. Invalid input: modsecurity_rules_file /usr/local/lsws/modsec/comodo/rules.conf'.