1) Register at the Comodo WAF website [https://waf.comodo.com/]; the email and password are needed later during installation.
2) Install Mod_Security.
cd /usr/src
wget https://www.modsecurity.org/tarball/2.9.0/modsecurity-2.9.0.tar.gz
tar xzf modsecurity-2.9.0.tar.gz
cd modsecurity-2.9.0
./configure --with-apxs=/usr/local/apache/bin/apxs
make && make install
3) Create Mod_Security config file.
wget --output-document="/usr/local/apache/conf.d/modsec2.conf" http://dl-package.bullten.in/cwp/files/mod_security/modsec2.txt
4) Restart Apache.
service httpd restart
5) Check if Mod_Security is loaded in Apache.
/usr/local/apache/bin/httpd -M
6) Now Install Comodo Waf.
cd /usr/src
wget https://waf.comodo.com/cpanel/cwaf_client_install.sh
sh cwaf_client_install.sh
Press Enter:
Press Enter:
Press Enter:
Press Enter (It will install missing perl modules):
Enter your email used at waf.comodo.com:
Enter your password used at waf.comodo.com and confirm it again:
Enter /usr/local as path and press enter:
Installation will complete now
7) Now include CWAF path in mod_security config file.
sed -i '/SecPcreMatchLimitRecursion 250000/a \ \ Include "/usr/local/cwaf/etc/cwaf.conf"' /usr/local/apache/conf.d/modsec2.conf
8) Update CWAF rules.
9) Restart Apache.
service httpd restart
10) Check if CWAF is protecting your website.
Follow the audit log with the command below in an SSH session (for example, PuTTY).
tail -f /usr/local/apache/logs/modsec_audit.log
Open the URL below in your browser.
http://yoursite.com/?a=b AND 1=1
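To read the result of the step 10 test without scanning the raw log, the added example below (not part of the original guide or of CWAF) summarises each audit-log transaction and tells a blocked request apart from one that was only logged. It assumes the ModSecurity 2.x serial audit-log layout (sections A, B, H, Z); the function names, the sample log and the rule id 999001 are constructed for illustration.

```shell
# Added example: summarise ModSecurity 2.x serial audit-log transactions.
# Output per transaction: <verdict> <rule ids> <request line>
#   BLOCKED  = section H has "Message: Access denied" (engine is enforcing)
#   DETECTED = section H only has "Message: Warning." (logged, not blocked)
summarize_audit() {
    awk '
    /^--[0-9a-fA-F]+-[A-Z]--$/ {
        sec = substr($0, length($0) - 2, 1)          # section letter
        if (sec == "A") { req = ""; ids = ""; verdict = "" }
        if (sec == "Z" && verdict != "")
            print verdict, (ids == "" ? "-" : ids), req
        first = 1
        next
    }
    sec == "B" && first { req = $0; first = 0; next }  # request line
    sec == "H" && /^Message: / {
        if ($0 ~ /^Message: Access denied/) verdict = "BLOCKED"
        else if (verdict == "") verdict = "DETECTED"
        line = $0
        while (match(line, /\[id "[0-9]+"\]/)) {       # collect rule ids
            id = substr(line, RSTART + 5, RLENGTH - 7)
            ids = (ids == "" ? id : ids "," id)
            line = substr(line, RSTART + RLENGTH)
        }
    }' "$1"
}

# Constructed sample log (placeholder rule id, documentation IP addresses).
write_sample() {
    cat > "$1" <<'EOF'
--a1b2c3d4-A--
[01/Jan/2016:10:00:00 +0000] CONSTRUCTED-ID-1 203.0.113.5 40000 192.0.2.10 80
--a1b2c3d4-B--
GET /?a=b%20AND%201=1 HTTP/1.1
--a1b2c3d4-H--
Message: Access denied with code 403 (phase 2). [id "999001"] [msg "constructed"]
Action: Intercepted (phase 2)
--a1b2c3d4-Z--
--e5f6a7b8-A--
[01/Jan/2016:10:00:05 +0000] CONSTRUCTED-ID-2 203.0.113.5 40001 192.0.2.10 80
--e5f6a7b8-B--
GET /?a=b%20AND%201=1 HTTP/1.1
--e5f6a7b8-H--
Message: Warning. [id "999001"] [msg "constructed"]
--e5f6a7b8-Z--
EOF
}

if [ "$#" -gt 0 ]; then summarize_audit "$1"; fi   # run on a real log if a path is given
```

On the server, pass /usr/local/apache/logs/modsec_audit.log as the argument after requesting the test URL. A DETECTED line for that request means a rule matched but the request was not blocked.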
Some useful paths:
Update rules: /usr/local/cwaf/scripts/updater.pl
Rules Config files: /usr/local/cwaf/etc/cwaf.conf
Mod_Security Audit Log: /usr/local/apache/logs/modsec_audit.log
Mod_Security Debug Log: /usr/local/apache/logs/modsec_debug.log
Create your own rules: /usr/local/cwaf/etc/httpd/custom_user.conf
A command-line utility is available (it may not work in a standalone installation).
Generate Default Blocked Rules List:
/usr/local/cwaf/scripts/cwaf-cli.pl -xd 500000000
Generated File: /usr/local/cwaf/etc/httpd/global/zzz_exclude_global.conf
List Blocked Rules ID:
/usr/local/cwaf/scripts/cwaf-cli.pl -xl
Uninstall Comodo Waf:
/usr/local/cwaf/scripts/uninstall_cwaf.sh
sed -i '/cwaf*.conf/d' /usr/local/apache/conf.d/modsec2.conf
service httpd restart