Plesk Onyx Comodo WAF rules password fail

I have had issues with authentication with the Comodo WAF (web application firewall) ruleset in Plesk Onyx. The username and password set at sign up DO work to sign into the Comodo area, so are these the wrong details, or is something broken?

The reason for the change of repository is that the free Atomic rule set appears to be in the toilet at the moment according to Plesk. Lots of red messages and failure to update.

Regrettably, at the moment, when you either fail to authenticate properly, or there is a checksum error or syntax error in the content, it just leaves Apache in an off state.

The mod_security on Plesk Onyx runs on the Apache2 layer as opposed to nginx. Rather than testing the configuration before starting, it restarts Apache and the restart fails. You get a red message in the control panel (or not, if it did this update in the dead of night)... and return to find nginx with gateway errors, as it is passing off traffic to a dead Apache process.

This is suboptimal.
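One way to avoid that failure mode, as an added example that is not from Plesk or Comodo: stage the new rules, run a configuration test with them in place, and only reload Apache if the test passes, otherwise put the previous rules back. The directory arguments and the `CHECK_CMD` / `RELOAD_CMD` variables are assumptions for illustration; on Debian-style systems the binary is `apache2ctl` rather than `apachectl`.

```shell
#!/bin/sh
# Added example: test-before-reload for a ModSecurity rule update.
# Assumed names (not from the post): apply_rules, CHECK_CMD, RELOAD_CMD,
# and the staged/live directory arguments.

# apply_rules STAGED_DIR LIVE_DIR
#   0 = new rules live and Apache reloaded
#   1 = new rules failed the config test, previous rules restored
#   2 = staged directory missing
#   3 = config test passed but the reload command failed
apply_rules() {
    staged_dir=$1
    live_dir=$2
    check_cmd=${CHECK_CMD:-"apachectl configtest"}
    reload_cmd=${RELOAD_CMD:-"apachectl graceful"}
    backup_dir="${live_dir}.prev"

    [ -d "$staged_dir" ] || { echo "no staged rules at $staged_dir" >&2; return 2; }

    # Keep the known-good rules so they can be put back.
    rm -rf "$backup_dir"
    if [ -d "$live_dir" ]; then mv "$live_dir" "$backup_dir"; fi
    cp -R "$staged_dir" "$live_dir"

    # Syntax-check the whole server config with the new rules in place.
    # The running Apache process is not touched until this passes.
    if $check_cmd >/dev/null 2>&1; then
        $reload_cmd >/dev/null 2>&1 || return 3
        echo "rules updated"
        return 0
    fi

    # Test failed: restore the previous rules and leave Apache running.
    rm -rf "$live_dir"
    if [ -d "$backup_dir" ]; then mv "$backup_dir" "$live_dir"; fi
    echo "new rules rejected, previous rules restored" >&2
    return 1
}
```

A failed download, checksum mismatch or syntax error then results in a non-zero exit code to alert on, while Apache keeps serving with the last working rule set.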

While a Web Application Firewall is not a make or break, it's a nice defence to have, with little or no visible overhead - rather have than not in terms of the blend of things that keep the metaphorical wolf from the door. More so when it is paired with something like fail2ban or cPHulk, which sees repeated offences from a given IP and then starts a policy of increasing IP blocks.

Comodo support was great - confirming that the details that I signed up the account with were the right ones to be using and that if that failed I could download a pack, or "You can try "CWAF plugin" for Plesk as workaround."

The latter is quite a delicious little ncurses install that looks like it would work even if you did not have a control panel - so plain Apache or Nginx or LiteSpeed by the looks of things. It does appear to be Perl heavy - but you get the idea - updates for mod_security. Cannot be bad.

So - the solution - or rather the problem. My password.

It does not parse the password properly.

Be it because the password I chose was 20 chars long or because it contained symbols ... either way, it either truncated it - or didn't parse the chars.. :FAIL:

A change to a password that was (a little) shorter and included only numbers and chars did the trick. Logged into the Comodo WAF interface, reset my password and updated Plesk WAF, and off it goes - free of red messages or errors.

Thank you Comodo. Your efforts are appreciated.


Plesk: However, the question is what happens when you do this... I am sure it's escaped... right?
