How to Setup Comodo on LiteSpeed Web Server with cPanel

Comodo is a Mod_Security rule set created by the Comodo Team. It provides real time protection for web apps running on the LiteSpeed Web Server. Its functions include:

• Protecting sensitive customer data
• Meeting PCI compliance requirements
• Blocking unauthorized access
• Preventing SQL injection and Cross Site Scripting (XSS) attacks

There are two ways to install comodo modsecurity rule set in cpanel, through cpanel mod_security vendor manager or through comodo cpanel plugin.

Log into WHM → Security Center → ModSecurity Vendor → Add vendor:

Vendor Configuration URL For Comodo ModSecurity LiteSpeed Rule Set is

https://waf.comodo.com/doc/meta_comodo_litespeed.yaml

click “load”, then the vendor details will be fetched and automatically filled in the fields. Then “save”. You can also check the instructions from Comodo directly.

1. Sign up for a Comodo user account here
   
2. Install CWAF script
   

    wget https://waf.comodo.com/cpanel/cwaf_client_install.sh
    sh cwaf_client_install.sh

3. Follow the step-by-step prompts. The installation will detect which web server is running (Apache, LiteSpeed or Nginx)
   

Configuring Comodo

1. Login to the WHM control panel, search for comodo from the search bar. You will see the main Comodo WAF plugin dashboard
2. Click on the Configuration tab and update your CWAF credentials
3. Click on the Main tab and update rule versions

Once completed, you will notice that the current rules version shows the correct Latest version

1. To check CWAF for protection, send the request as shown below:

   http://$server_domain/?a=b AND 1=1

   The server will respond with a 403 status code
   

You can check that CWAF works properly by sending a GET or POST request parameter cwaf_test_request=a12875a9e62e1ecbcd1dded1879ab06949566276

Like this:

http://$server_domain/?cwaf_test_request=a12875a9e62e1ecbcd1dded1879ab06949566276

If the web server returns a 403 Forbidden status, then CWAF works fine.

You can uninstall comodo rule sets through the same way as you installed them.

If you install comodo rules set through cpanel ModSecurity™ Vendors manager, you can simple to there and click “delete”.

1. Run the uninstall script

   cd /var/cpanel/cwaf
   bash /var/cpanel/cwaf/scripts/uninstall_cwaf.sh

2. Answer y

Once completed, Comodo WAF will be gone.