Symptoms
The following error is displayed on the Home page in Plesk:
PLESK_ERROR: Failed to update the ModSecurity rule set. Details
The following error is shown if clicking on the Details link:
PLESK_ERROR: Failed to update the ModSecurity rule set: modsecurity_ctl failed: Failed to download the Comodo rule set. The issue is on the waf.comodo.com side and we will alert them. You can also report the issue yourself on the Comodo forum - https://forums.comodo.com/free-modsecurity-rules-comodo-web-application-firewall-b223.0/ It might help fixing the issue earlier. For now, select the Atomic Standard rule set and try switching back to Comodo tomorrow.
Cause
The resource from which Comodo ruleset is updated - https://waf.comodo.com/ - is not accessible.
Resolution
The issue is on Comodo side and has already been reported to Comodo Support Team.
Untill the issue will be fixed apply one of the workarounds below:
- Log into Plesk.
- Go to Tools & Settings > Web Application Firewall (ModSecurity) > Settings tab.
- Select any other ruleset except Comodo.
- Press the OK button to apply the changes.
- Log into Plesk.
- Go to Tools & Settings > Web Application Firewall (ModSecurity) > Settings tab.
- From the drop-down menu Run rules on select Apache (ModSecurity 2.9).
- Press the OK button to apply the changes.
Comments
7 comments
Hello. Thanks for the reply, but the only other option I have is OWASP:
but it says - it is very restrictive. How risky it is to use it instead of Comodo?
Thank you.
Hi folks, has anyone found a workaround? or maybe even just a working replacement? There seems to be little support on this issue from Plesk or Comodo (who seems to have changed the product completely).
I'm guessing that the reason the update fails is due to the fact that you have to login to the Comodo site to be able to download the WAF ruleset.
I'm running Plesk on Debian 12 so I don't have any other options for a ruleset. Please add the Atomic ruleset for us Debian users!
I wrote this in the Plesk Forums as well: https://talk.plesk.com/threads/modsecurity_ctl-failed-failed-to-download-comodo_free-rule-set.360482/post-953711
It seems this article misses a crucial detail.
Comodo now requires a license key, even for free users, which needs to be renewed annually.
How was the ruleset managed before?
Was it simply free to download, or was there some kind of global Plesk license applied?
Now, it seems Comodo has switched to a license key system for everyone.
So, in case a license key is required that is not gobally applied by Plesk, this isn’t about waf.comodo.com being unreachable, but rather a change in how the ruleset is accessed—through individual license keys.
Still no good solution on this!
Comodo free for 2.9 ModSecurity running on apache does not have this problem.
That's not a solution.
I came to this article looking for a solution only to find that there isn't one.
I was about to also choose the OWASP one and then saw the warning about how restrictive it can be.
Wordpress Plugins is certainly something I can have blocked.
Please sign in to leave a comment.