Install Mod_Security and Comodo WAF in CWP

1) Register at Comodo Waf website [] as we will be needing Email and Password later.


2) Install Mod_Security.

cd /usr/src
tar xzf modsecurity-2.9.0.tar.gz
cd modsecurity-2.9.0
./configure --with-apxs=/usr/local/apache/bin/apxs
make && make install


3) Create Mod_Security config file.

wget --output-document="/usr/local/apache/conf.d/modsec2.conf"


4) Restart Apache.

service httpd restart


5) Check if Mod_Security is loaded in Apache.

/usr/local/apache/bin/httpd -M


6) Now Install Comodo Waf.

cd /usr/src

Press Enter:

Press Enter:

Press Enter:

Press Enter (It will install missing perl modules):

Enter your email used at

Enter your password used at and confirm it again:

Enter /usr/local as path and press enter:

Installation will complete now


7) Now include CWAF path in mod_security config file.

sed -i '/SecPcreMatchLimitRecursion 250000/a \ \ Include "/usr/local/cwaf/etc/cwaf.conf"' /usr/local/apache/conf.d/modsec2.conf


8) Update CWAF rules.



9) Restart Apache.

service httpd restart


10) Check if CWAF is protecting your website.

Tail the command below using putty.

tail -f /usr/local/apache/logs/modsec_audit.log

Run the below URL in you browser. AND 1=1


Some useful paths:

Update rules: /usr/local/cwaf/scripts/
Rules Config files: /usr/local/cwaf/etc/cwaf.conf
Mod_Security Audit Log: /usr/local/apache/logs/modsec_audit.log
Mod_Security Debug Log: /usr/local/apache/logs/modsec_debug.log
Create your own rules: /usr/local/cwaf/etc/httpd/custom_user.conf


Command line utility is available # May not work in standalone installation.




Generate Default Blocked Rules List:

/usr/local/cwaf/scripts/ -xd 500000000

Generated File: /usr/local/cwaf/etc/httpd/global/zzz_exclude_global.conf


List Blocked Rules ID:

/usr/local/cwaf/scripts/ -xl


Uninstall Comodo Waf:

sed -i '/cwaf*.conf/d' /usr/local/apache/conf.d/modsec2.conf
service httpd restart
  • 18 Users Found This Useful
Was this answer helpful?