modsec

Hi guys, i have Plesk installed on AlmaLinux 8.10 (Cerulean Leopard) with Plesk Obsidian 18.0.70. For some days now, ModSecurity (Atomicorp) has not been logging events for some domains to the modsec_audit.log file. However, the WAF is working correctly, as its actions are clearly shown in the...

I need to make requests to the server via python scripts. This is prevented by default through ModSecurity Rule 913101 (User-Agent associated with scripting/generic HTTP client). To keep the highest level of security, I want to allow python requests only from certain IP addresses. For this...

I'm trying to get the following rule to work but it seems to do nothing: # Test IP address and block by country code SecGeoLookupDb /usr/share/GeoIP/GeoIP.dat SecRule REMOTE_ADDR "@geoLookup" "chain,id:20,drop,msg:'Block China IP address'" SecRule GEO:COUNTRY_CODE "@streq CN HK" I have had the...

We've tried disabling a Modsecurity rule both ways as per the knowledge base but it keep triggering. Any ideas? How to disable a single ModSecurity rule for a website? OS ‪CentOS Linux 7.6.1810 (Core)‬ Product Plesk Onyx Version 17.8.11 Update #56,

Hello All! I have installed ModSecurity with basic atomic rules. The module is running, the log file contains error messages etc. The problem is that testing url mydomain.com/?abc=../../ is captured by ModSecurity, but returns the default Apache test page instead of 403 error: Apache 2 Test...

Hello Guys, I have a problem with my hosting server wich is running Plesk 17. When I started the server apache wasn't running at all. So I logged in with ssh and did "sudo service httpd start" after that I did "sudo service httpd status". I got the following log: Sep 19 15:53:29 SERVERNAME...