Articles in this section

See more

Unable to activate or update the Comodo rule-set in Plesk ModSecurity: Error interacting with https://waf.comodo.com/doc/meta_comodo_apache.yaml: <urlopen error [Errno 113] No route to host>

Avatar
Renan Genova Ferreira
Updated
Follow
Plesk for Linux kb: technical Ideal ABT: Group A

Applicable to:

  • Plesk for Linux

Symptoms

When activating or updating the Comodo rule-set in Plesk at Tools & Settings > Web Application Firewall (ModSecurity) > Settings, the operation fails with an error:

URLErrorWrapper: Error interacting with https://waf.comodo.com/doc/meta_comodo_apache.yaml: <urlopen error [Errno 113] No route to host> Unable to download comodo_free rule set

URLErrorWrapper: Error interacting with https://waf.comodo.com/doc/meta_comodo_apache.yaml:<urlopen error timed out>
Unable to download comodo_free rule set

Cause

The website with Comodo Web Application Firewall rule-set was unavailable, which is already fixed. 

Resolution

Wait until the next daily maintenance task is executed.

OR

  1. Connect to the server via SSH;

  2. Manually update ModSecurity ruleset:

    # plesk daily UpdateModSecurityRuleSet

Comments

11 comments

Sort by Date Votes
  • Avatar
    R8 Edge

    Same thing here - but while updating that is.

    0
    Comment actions Permalink
  • Avatar
    Blamotech

    Will this auto correct when the site is back up?

    Just asking just in case...

    0
    Comment actions Permalink
  • Avatar
    Michael

    Blamotech I guess, we don't have to worry. Let's just wait till tmrw and hope the best!

    0
    Comment actions Permalink
  • Avatar
    Admin

    I emailed Comodo about the issue earlier today - no reply... but hopefully they sort it out.

    Comodo should realise that a LOT of people use these rules and a LOT of servers are sitting vulnerable because of this.

     

    0
    Comment actions Permalink
  • Avatar
    tiendadesilvina

    Mismo error, imposible activar

    0
    Comment actions Permalink
  • Avatar
    Magnus Schmitz

    Same Error.

     

    Changing the update interval from weekly to monthly resolved it in the first place....

     

    I even tried to change to Atomic but there is an error as well...

    0
    Comment actions Permalink
  • Avatar
    Admin

    Finally there is a file at the destination URL on the Comodo server BUT my Plesk is still not happy about it.

    So I fixed it by copying the text in 'custom directives' and 'security rule IDs' to notepad.

    Then changing the rule set to Atomic Standard (free) - it took a good minute or two to save that.

    And then finally going back to Comodo (free) and pasting back the settings I saved earlier.

    I could have possibly waited until it self updated but it didn't work when I tried changing the daily to weekly updates and back again or anything else for that matter.

    -----------------------------------------------------------------------------------

    *** Below is a copy of the original error for future reference ***

    Error: Failed to update the ModSecurity rule set: modsecurity_ctl failed: <urlopen error timed out>. Retry<urlopen error timed out>. RetryERROR:root:Error
    Traceback (most recent call last):
    File "/usr/lib64/plesk-9.0/modsecurity_get_vendor_ruleset/modsecurity_get_vendor_ruleset.py", line 53, in main
    File "/usr/lib64/plesk-9.0/modsecurity_get_vendor_ruleset/modsecurity_get_vendor_ruleset.py", line 35, in get_vendor_ruleset
    File "/usr/lib64/plesk-9.0/modsecurity_get_vendor_ruleset/plesk_atomic.py", line 105, in download
    with closing(urllib2.urlopen(url, timeout=15)) as fin:
    File "/usr/lib64/python2.7/urllib2.py", line 154, in urlopen
    return opener.open(url, data, timeout)
    File "/usr/lib64/python2.7/urllib2.py", line 431, in open
    response = self._open(req, data)
    File "/usr/lib64/python2.7/urllib2.py", line 449, in _open
    '_open', req)
    File "/usr/lib64/python2.7/urllib2.py", line 409, in _call_chain
    result = func(*args)
    File "/usr/lib64/python2.7/urllib2.py", line 1258, in https_open
    context=self._context, check_hostname=self._check_hostname)
    File "/usr/lib64/python2.7/urllib2.py", line 1214, in do_open
    raise URLError(err)
    URLErrorWrapper: Error interacting with https://waf.comodo.com/doc/meta_comodo_apache.yaml: <urlopen error timed out>
    Unable to download comodo_free rule set

    ---------------------------------------------------

    ***Below is from the Comodo Server : https://waf.comodo.com/doc/meta_comodo_apache.yaml ***

    ---
2.7.5:
  MD5: baf05d38fceb2c0c099bc69a7b76570c
  SHA512: bbe06db127527aefcda3f681bc1f729c56502f72be847e72239bf9969a653d238a147b68ed1af6713e10526c00dd9aef4b9b7baaf2a14492dc083b2610ae4abb
  distribution: comodo-apache-1233
  url: https://waf.comodo.com/api/cpanel_apache_vendor
2.7.7:
  MD5: baf05d38fceb2c0c099bc69a7b76570c
  SHA512: bbe06db127527aefcda3f681bc1f729c56502f72be847e72239bf9969a653d238a147b68ed1af6713e10526c00dd9aef4b9b7baaf2a14492dc083b2610ae4abb
  distribution: comodo-apache-1233
  url: https://waf.comodo.com/api/cpanel_apache_vendor
2.8.0:
  MD5: baf05d38fceb2c0c099bc69a7b76570c
  SHA512: bbe06db127527aefcda3f681bc1f729c56502f72be847e72239bf9969a653d238a147b68ed1af6713e10526c00dd9aef4b9b7baaf2a14492dc083b2610ae4abb
  distribution: comodo-apache-1233
  url: https://waf.comodo.com/api/cpanel_apache_vendor
2.9.0:
  MD5: baf05d38fceb2c0c099bc69a7b76570c
  SHA512: bbe06db127527aefcda3f681bc1f729c56502f72be847e72239bf9969a653d238a147b68ed1af6713e10526c00dd9aef4b9b7baaf2a14492dc083b2610ae4abb
  distribution: comodo-apache-1233
  url: https://waf.comodo.com/api/cpanel_apache_vendor
2.9.1:
  MD5: baf05d38fceb2c0c099bc69a7b76570c
  SHA512: bbe06db127527aefcda3f681bc1f729c56502f72be847e72239bf9969a653d238a147b68ed1af6713e10526c00dd9aef4b9b7baaf2a14492dc083b2610ae4abb
  distribution: comodo-apache-1233
  url: https://waf.comodo.com/api/cpanel_apache_vendor
2.9.2:
  MD5: baf05d38fceb2c0c099bc69a7b76570c
  SHA512: bbe06db127527aefcda3f681bc1f729c56502f72be847e72239bf9969a653d238a147b68ed1af6713e10526c00dd9aef4b9b7baaf2a14492dc083b2610ae4abb
  distribution: comodo-apache-1233
  url: https://waf.comodo.com/api/cpanel_apache_vendor
2.9.3:
  MD5: baf05d38fceb2c0c099bc69a7b76570c
  SHA512: bbe06db127527aefcda3f681bc1f729c56502f72be847e72239bf9969a653d238a147b68ed1af6713e10526c00dd9aef4b9b7baaf2a14492dc083b2610ae4abb
  distribution: comodo-apache-1233
  url: https://waf.comodo.com/api/cpanel_apache_vendor
attributes:
  description: COMODO ModSecurity Rules for Apache
  name: COMODO ModSecurity Apache Rule Set
  vendor_url: https://waf.comodo.com
  report_url: https://waf.comodo.com/api/cpanel_feedback?source=0&rule_set=1.233
    1
    Comment actions Permalink
  • Avatar
    Francois Francois

    Doing it right now again.
    https://waf.comodo.com/doc/meta_comodo_apache.yaml is dead

    0
    Comment actions Permalink
  • Avatar
    Admin

    I gave up on the comodo rules and changed to Imunify360 -  https://www.plesk.com/extensions/imunify360/

    Imunify360 is brilliant and I can't recommend it enough as it also includes a host of other features.

    I also tried Juggernaut Firewall and it was terrible, it broke my server and the support was so unhelpful and rude.

     

    0
    Comment actions Permalink
  • Avatar
    Francois Francois

    Imunify is not free :(

    0
    Comment actions Permalink
  • Avatar
    Admin

    Yeah that is unfortunate but still really worth while. Also its based on how many users on your control panel rather than websites. So if you are the sole manager of all the websites, its one license.

     

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles