Comodo ModSecurity Ruleset no Longer Supported with Modsecurity

[Jimhill10]

With the newest version of Modsecurity the Comodo Litespeed vendor rulesets are no longer compatible. Per my ticket just now to WMH cPanel this creates an error when the WHM upgrade script runs. The update error in and of itself is not an issue, but rather the fact that the Comodo ruleset is not being update. Question, what other rulesets can be recommended? The one from Atomicorp looks good, but it is pretty expensive when I consider that I am already paying for two different WAF's in front of my sites (one with Sucuri and the other sites / servers via Stackpath).

Second, are there any issues with just using the OWASP 3.0 ruleset with Litespeed Enterprise?

 

[stormy]

I'm interested in this too. What happens if we switch to the Apache ruleset instead, which seems to be updated?

 

[Jimhill10]

The OWASP ruleset is working fine once I disabled rule #941 which was blocking certain functions being done by WordPress admins for various posts and use of extensions. I have this vendor on two servers and I think it is fine alongside Litespeed. I do of course also have the single rule from ConfigServer for their cXs ModSecurity. In my mind if your sites are in front of a WAF then I would not bother spending a bunch of money every year on another set. Perhaps Comodo will update their Litespeed ruleset at some point.