Comodo ModSecurity ruleset is not updated in Plesk: Failed to download the Comodo rule set

Comments

7 comments

  • Avatar
    Alex Pant

    Hello. Thanks for the reply, but the only other option I have is OWASP:

    but it says - it is very restrictive. How risky it is to use it instead of Comodo?

    Thank you.

    1
  • Avatar
    Dan Horning

    Hi folks, has anyone found a workaround? or maybe even just a working replacement? There seems to be little support on this issue from Plesk or Comodo (who seems to have changed the product completely).

    0
  • Avatar
    Larry Nedry

    I'm guessing that the reason the update fails is due to the fact that you have to login to the Comodo site to be able to download the WAF ruleset.

    I'm running Plesk on Debian 12 so I don't have any other options for a ruleset. Please add the Atomic ruleset for us Debian users!

    3
  • Avatar
    MSZ

    I wrote this in the Plesk Forums as well: https://talk.plesk.com/threads/modsecurity_ctl-failed-failed-to-download-comodo_free-rule-set.360482/post-953711

    It seems this article misses a crucial detail. 

    Comodo now requires a license key, even for free users, which needs to be renewed annually.

    How was the ruleset managed before? 
    Was it simply free to download, or was there some kind of global Plesk license applied? 

    Now, it seems Comodo has switched to a license key system for everyone.

    So, in case a license key is required that is not gobally applied by Plesk, this isn’t about waf.comodo.com being unreachable, but rather a change in how the ruleset is accessed—through individual license keys.

    2
  • Avatar
    Florian Stern (Edited )

    Still no good solution on this!

    Comodo free for 2.9 ModSecurity running on apache does not have this problem.

    0
  • Avatar
    Nico Wiedemann

    That's not a solution.

    0
  • Avatar
    Paul Creedy

    I came to this article looking for a solution only to find that there isn't one.  

    I was about to also choose the OWASP one and then saw the warning about how restrictive it can be.  

    Wordpress Plugins is certainly something I can have blocked.

    0

Please sign in to leave a comment.

Have more questions? Submit a request