
Disable rules by id for Mod security with Atomic rules

Oto Tortorella

Hello there,

I have mod_security active with the Atomic Ruleset and I need to disable some rules using their ID.
I go to "Web Application Firewall" on the website overview page and I put the rule ID into the field "Switch off security rules" -> "Security rule IDs", but nothing happens. The rules remain active and continue to be used to block the event.

If I try to search in the field below, "Tags", nothing shows up.

Does this interface work for the Atomic ruleset?
If not, why is it enabled?

Cheers
Oto Tortorella
 
You can do this from the command line (assuming you are using ASL).

You would use the asl command with one of the following flags:

-dr --disable-rule Disable modsec rule(s) by signature ID
Usage: -dr 123456[,123457,...]

-drv --disable-rule-vhost Disable modsec rule(s) by vhost(s)
Usage: -drv 123456[,123457] foo.bar.com[,bar.foo.com,...]
Each rule id will be disabled on each vhost

Then restart httpd.
 
Yes thanks, but how can the customer disable a problematic rule?
I was confident that the web interface to the rule management was functional.
Atomic rules are very well done and infrequently cause problems, but sometimes they do.
 
Honestly, allowing the customer (end user) to disable rules is a bad idea in my mind - they could disable something truly intended to protect the server and provide critical functionality. I would recommend that you manage the rules and, if they require something, have them contact you.
 
I have experienced resellers and they are perfectly able to manage this kind of thing. The server is theirs, so they should be able to manage that.
The other point is that if the web managing interface is present, it should work or should be disabled when Atomic is selected.
The way it works now seems buggy to me.

Thank you for your reply.
 
Completely agree with you Oto, this interface should be disabled if it does nothing, right now it causes confusion where you expect a rule to be disabled and nothing happens.
 
I thought I was having this same issue. I found that putting the ID in the Security rule IDs box and clicking Apply did not cause the rule to be instantly disabled. Something needed restarting (not sure if it was Apache, or nginx, or something else). By switching that domain to Detection Only and then right back to On, the rule was disabled for that domain.
 
I also find that, recently, it started to work. Putting a rule ID in the box disables the rule even if you are using Atomic.
Cheers!
 