• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

modsecurity

  1. Kulturmensch

    Issue Modsecurity works with Apache but error with nginx

    I just started to give modsecurity a second try but got this after re-installed it with plesk-installer. Starting with the configuration Nginx (Modsecurity 3.0) I get the following error: Changing the configuration from Nginx (Modsecurity 3.0) to Apache (Modesecurity 2.9) it starts without...
  2. T

    Issue ModSecurity and bad gateway 500 nginx

    Hello since last update i have much trouble with my plesk installation Every night turn my plesk all the engines off apache and nginx and my websites are not resolvable i get then nginx500 bad gateway. It's seems to have problems with ModSecurity because if i go to my plesk i see a error...
  3. Kulturmensch

    Resolved ModSecurity configuration files and directives remain on the server after its removal

    After some problems with Modsecurity I removed it using Plesk installer (web interface). This seemed to work and now it is indicated as removed However in /etc/nginx/conf.d/ modsecurity.conf still exists with the following content: So it says Modsecurity is on and receives the configuration...
  4. K

    Question modsecurity

    --0c650000-F-- HTTP/1.1 500 Internal Server Error --0c650000-H-- Message: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "C:\/Program Files (x86)/Plesk/ModSecurity/rules/modsecurity_crs-plesk/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1367"] [id "920320"] [msg "Missing User...
  5. H

    Question When can we get Apache supported Modsecurity v3x?

    Hi Forum, We are using the Apache server in our production environment. To use ModSecurity V3 (libmodsecurity), we need to use the ModSecurity-apache connector. This project is under development and not production-ready. The functionality is not complete, so we cannot use use with Apache HTTP...
  6. R

    Issue Modsecurity don't start

    I have a problem when i try to active mod security in my server, i have that error: Can not restart web server: apache_control_adapter[843803]: graceful restart failed, perform full restartapache_control_adapter[843803]: apache_action(graceful): invoke_httpd_action failed, trying second...
  7. A

    Issue Additional Apache directives doesn't work

    Hi, As the title says when I try to use some directive in my vhost this one doesn't work, unlike when I write it in the main file. main file would be... /var/www/vhosts/system/domain/conf/httpd.conf vhost files would be... /var/www/vhosts/system/domain/conf/vhost_ssl.conf and vhost.conf (I...
  8. G

    Question ModSecurity - is there a way to view the installation/enabled date?

    Hi, is there a way to get the date ModSecurity was installed/enabled? I see the log files, but it looks like there is only a week's worth and I installed/enabled it before then. It wasn't installed on my Plesk installation, so I installed and activated the same date..perhaps I can determine...
  9. B

    Question Disable WAF (ModSecurity) if using Immunify360?

    Just want to check before I go ahead with this The youtube video above suggests disabling WAF (ModSecurity) if using Immunify360. I have a plesk server with 50+ websites hosted for clients. Is this something that is actually recommended to do?
  10. A

    Resolved Unable to reinstall modsecurity after upgrade from Onyx to Obsidian

    In the process of upgrading to Obsidian, I had this conflict ; Exception: Failed to solve dependencies: plesk-modsecurity-configurator conflicts with mod_security-2.9.2-centos7.19091318.x86_64 I did remove mod_security thinking I would reinstall it after upgrade. Maybe I should have used the...
  11. H

    Issue Using atomic corp rules for modsecurity but updating page via elementor doesn't work and gives internal server error.

    Hey everyone i have enabled modesecurity for my website using atomic corp rules. but when I update something on website using elementor keeping modsec on it gives me internal server error. if I turn off modsec and update it works fine. but I want to resolve this with modsec on. your help will be...
  12. X-HTTG

    Resolved Apache + Nginx As Reverse Proxy Imunify360 Question

    My current setup is Apache + ModSecurity with imunify360 ruleset. I want to run Nginx as a reverse proxy for Apache. Will I have to switch Mod security from Apache WAF to Nginx WAF with Imunify360 ruleset or do I keep Modsecurity as Apache? Is that supported?
  13. N

    Resolved ModSecurity / WCF call / 403

    Hi, I have a WCF site, that can't be called when ModSecurity is on. Found the description below in the EventViewer. Can this be solved? [client 46.39.122.103] ModSecurity: Access denied with code 403 (phase 1). Pattern match...
  14. E

    Issue Website registration check not working with ubuntu 22

    When entering this option we do not see any records, even though we have configured the tool to launch automatically daily at 06:25 every 60 minutes. When trying to launch the manual check, the following error appears: logparser failed: ERROR: Failed to construct 'audit-modsec-with-ts' step...
  15. T

    Question Allow specific Content types in Mod Security

    When I activate ModSecurity I have a problem with content types: [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type.||app.domain.de|F|2"] [data "TX:0=application/merge-patch+json"] Where I find die file userdata_wl_content_type to add...
  16. WebHostingAce

    Issue ModSecurity with Atomic Basic Rule Set appear be not working

    Hi, I'm using ModSecurity with Atomic Basic Rule Set across number of servers. Recently I have noticed the ModSecurity is not responding to any of these test explained this is support article...
  17. J

    Question modsecurity enabled via plesk web, but off via ssh command line

    Hello everyone I'm just curious, i have enabled modsecurity on all my websites and i can see it's working in the log files. Today i happened to run: plesk bin nginx -s to get a list of all the modules installed and their status and found modsecurity shows as OFF: brotli on...
  18. B

    Issue ModSecurity rule exception not working

    I need to make requests to the server via python scripts. This is prevented by default through ModSecurity Rule 913101 (User-Agent associated with scripting/generic HTTP client). To keep the highest level of security, I want to allow python requests only from certain IP addresses. For this...
  19. K

    Question ModSecurity Atomic rule set on Debian 11

    Hi In the Plesk Help Center, in the article 'Does Plesk support Debian 11' it is stated that ModSecurity Atomic rule set is not supported. Is there any prospect in supporting the (Advanced) Atomic rule set on Debian 11? What rule set do you use / advice? Thanks Kris
  20. S

    Resolved FORBIDDEN ACCESS

    Hello everybody, Some of my website visitor are getting FORBIDDEN ACCESS DENIED on my website. below is the information on modsecurity log: 15708555501342031954 141.101.107.81 80 127.0.0.1 80 --43640000-B-- GET /favicon.ico HTTP/1.1 Connection: Keep-Alive Accept...
Back
Top