Let’s examine more about COMODO’s configurations in Webuzo and ModSecurity.

What is ModSecurity and why do we need it?

ModSecurity is an open-source web-based firewall application (or WAF) supported by different web servers: Apache, Nginx, and IIS.ModSecurity monitors and prevents unauthorized access to your website as a web application firewall (WAF). ModSecurity acts as a reliable and adaptable resource for system administrators as well as for all end users, including retailers, as an industry-standard open-source WAF.

ModSecurity in webuzo

Webuzo has ModSecurity installed by default. OWASP is currently offered by default, and COMODO is available by third-party providers and needs to be explicitly added.

How to install COMODO in Webuzo ?

Step 1 : You need to manually add the 3rd party Modsec vendor Comodo. For that do the following.

Home > Server Utilities > ModSecurity Vendors >> Add Vendor

Put Vendor Configuration URL as the following :

https://waf.comodo.com/doc/meta_comodo_apache.yaml

Click load

Then save the setting

Step 2 : Next you need to disable OWASP and enable COMODO using the following steps :

Home > Server Utilities > ModSecurity Vendors

Click on enable button for COMODO and disable the button for OWSAP.

Modsec conf files :

Main configuration file >> /usr/local/apps/apache2/etc/conf.d/modsec2.conf

Vendor rules >>  /usr/local/apps/apache2/etc/conf.d/modsec_vendor_configs/

Custom rules >> /usr/local/apps/apache2/etc/conf.d/modsec_vendor_configs/modsec2.user.conf

Conclusion :

To sum up we have now gone through the installation and configuration of COMODO and Mod sec in Webuzo.