modsecurity

I am having an issue with one of my server's IM360 ModSecurity Rule sets. I have another server with identical configuration (so I thought) where this issue is not present. The Issue: IM360 is configured and appears to be working fine. Fail to ban is OFF. Modsecurity is configured to use IM360...

I've been getting emails related to a cron job which is apparently supposed to call a Python script to shrink the ModSecurity SDBM database (at least I assume that's what it's for since I found a similar utility on GitHub). Originally I was getting an error saying that the path to the python...

I installed the Advanced ModSecurity Rules by Atomicorp extension, purchased the license. The rules of Advanced ModSecurity Rules by Atomicorp in the Modsecurity panel (web application firewall) does not appear. I have tried uninstalling and reinstalling modsecurity but the problem remains.

Dear support team, dear community. I'm new and I have some questions and I ask for your valued help as I still lack some experience. I get these error messages in the logs below. I read to use SSL it on the first two errors, which I do. Nevertheless, these error messages keep coming for all...

I have a website hosted by Goodhost.kz with Plesk control panel. The site is built on WordPress using Elementor. Yesterday, when saving changes to the site through Elementor, there was a "500 Error". Also, there was a "500 Internal Server Error" error when logging into the WordPress admin panel...

Hello, I have Mod security enabled on the server. Recently, we've been getting daily bots from cortex/1.0 bot (faceboook). WAF is on and set to comdo Free, and predefined to FAST. I have added some custom rules in the custom directives to limit that user-agent, from a solution I saw online used...

OS: CentOS Linux 7.9.2009 (Core) Plesk Obsidian Version 18.0.38 The configuration page in Tools: ModSecurity always worked. But yesterday i found a problem. I had to change something in modsecurity. But yesterday i open: Tools -> Web Application Firewall (ModSecurity). The page is endless...

Hello, With mod_security enabled (in detection mode only, in conjunction with fail2ban) we've got a lot of errors of this type : "collections_remove_stale: Failed deleting collection (name "ip", key "xxxxx"): Internal error (specific information not available) Apache-Error: [file...

After updating from Onyx on two separate servers I'm receiving the following message in my fail2ban logs: 2020-02-25 09:32:00,864 fail2ban.filter [9022]: INFO [plesk-modsecurity] Found 107.77.207.56 - 2020-02-25 09:32:00 2020-02-25 11:20:40,767 fail2ban.ipdns [9022]: WARNING Unable...

I'm trying to get the following rule to work but it seems to do nothing: # Test IP address and block by country code SecGeoLookupDb /usr/share/GeoIP/GeoIP.dat SecRule REMOTE_ADDR "@geoLookup" "chain,id:20,drop,msg:'Block China IP address'" SecRule GEO:COUNTRY_CODE "@streq CN HK" I have had the...

Hello, I wish to report a bug, and the fix, in the current released version of Plesk's modsecurity package version which is causing a segmentation fault in apache under Plesk Obsidian/Debian 9. /var/log/apache2# apt-cache policy libapache2-modsecurity-plesk libapache2-modsecurity-plesk...

Before I go ahead let me mention couple of things, I'm having a dedicated server with CentOS 7, Plesk Onyx Web Pro Edition with Firewall, Fail2Ban & Modsecurity switched ON and nginx as my main webserver. (Not using Apache) From past 3 days, all of a sudden there was a spike in traffic and it...

We've tried disabling a Modsecurity rule both ways as per the knowledge base but it keep triggering. Any ideas? How to disable a single ModSecurity rule for a website? OS ‪CentOS Linux 7.6.1810 (Core)‬ Product Plesk Onyx Version 17.8.11 Update #56,

I am having this error: The description for Event ID 1 from source ModSecurity cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. SecReadStateLimit...

I read the howto to find out the ID .. but in my logfile there is to this event no ID.. how can I stop the admins from being blocked? --13f9e059-A-- [09/Apr/2019:17:09:57 +0200] XKy1wVdi8vEAAEi-kCsAAAAA xx.xx.xx.xx 53359 xx.xx.xx.xx 7081 --13f9e059-B-- POST /wp-admin/admin-ajax.php HTTP/1.0...

Hello, I am using the plesk panel in centos 7 and I have the error of the image, could you help me with this error? Thank you

Hello, I use Plesk on Ubuntu and installed Mod_Security with Comodo ModSecurity subscription. I also set "Predefined Set Of Values" to THOROUGH. For large pages it returns an Error 500 page. The mod_security log file says: Message: Output filter: Response body too large (over limit of...

Hi there I'm seeing the following error: Atomic ModSecurity No valid configurations found. Please run: /var/asl/bin/asl -c stderr while trying to enable Mod Security on a fresh CentOS 7 server, Plesk Onyx 17.8.11. Any input on how to solve the problem? Thanks!

Hello All! I have installed ModSecurity with basic atomic rules. The module is running, the log file contains error messages etc. The problem is that testing url mydomain.com/?abc=../../ is captured by ModSecurity, but returns the default Apache test page instead of 403 error: Apache 2 Test...

Plesk Onyx v17.8.11_build1708180301.19 os_Ubuntu 16.04 I've recently noticed the following in my modsec_audit.log: Message: collection_store: Failed to access DBM file "/var/asl/data/msa/ip": Permission denied Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client xxx.xxx.xxx.xxx]...