• Hi, Pleskians! We are running a UX testing of our upcoming product intended for server management and monitoring.
    We would like to invite you to have a call with us and have some fun checking our prototype. The agenda is pretty simple - we bring new design and some scenarios that you need to walk through and succeed. We will be watching and taking insights for further development of the design.
    If you would like to participate, please use this link to book a meeting. We will sent the link to the clickable prototype at the meeting.
  • (Plesk for Windows):
    MySQL Connector/ODBC 3.51, 5.1, and 5.3 are no longer shipped with Plesk because they have reached end of life. MariaDB Connector/ODBC 64-bit 3.2.4 is now used instead.
  • Our UX team believes in the in the power of direct feedback and would like to invite you to participate in interviews, tests, and surveys.
    To stay in the loop and never miss an opportunity to share your thoughts, please subscribe to our UX research program. If you were previously part of the Plesk UX research program, please re-subscribe to continue receiving our invitations.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Resolved 403 - Forbidden: Access is denied for PUT and PATCH Request

A

AV0408

New Pleskian
Server operating system version
Microsoft Windows Server 2019
Plesk version and microupdate number
18.0.55 Update #2
Hi, I recently deployed .Net Core Web API on Plesk and once I try to use PATH and PUT methods I'm getting 403 Error.

1705627436341.png

But the POST and GET are working
1705627490107.png
1705627515782.png
 
I got the similar issue in my Nest JS API. PUT,PATCH,DELETE methods gives 403 - Forbidden error.
Solution :
Go to Plesk -> 'Tools & Settings' -> Web Application Firewall (ModSecurity) -> Settings
- Rule set : Atomic Standard

This worked for me.
1711544307299.png
 
Switching the ruleset might not be necessary. For one case, another ruleset might work, but it may create false positives in other cases.

Instead, examine the error_log entry where the 403 error is logged. It will mention an [ID .......] field. This is the rule ID that triggered the 403 block. You could at it as an exception to the rule exceptions in the "Web Application Firewall" dialog page.
 
Okay, I have again enabled Rule set : OWASP . In my case, I have deactivated 'OWASP_CRS' Rule and everything is working as expected.
Thank you for the correct solution.
 
You must log in or register to reply here.

Similar threads

M
Issue Database Connection Refused 10 mins after Deploy
Replies
1
Views
269
scsa20
scsa20
F
Question Publish a Web API using .NET Core
Replies
4
Views
14K
RobertMa
R
M
Issue Sub domain additional nginx directives
Replies
1
Views
477
Vladimir C.
V
C
Question ModSecurity "Access denied with code 403"
Replies
11
Views
3K
Colonel36
C
S
Issue Laravel app cannot load vite scripts
Replies
0
Views
451
Scarlet D.
S
Back
Top