Facebook
Twitter
It requires an Apache reload after the change, but it works. Thank you.
I think @Azurel has a point. This should be checked.
I think @Azurel has a point. This should be checked.
Where did you add your lines?
@Azurel , @Bitpalast , I created an internal case for the behavior to be further evaluated by our team. I will follow-up with more details as soon as possible.
Could you guys who encountered the Internal Server Error confirm what ruleset are you using? It seems the issue appears with Apache ModSecurity 2.9/Comodo (free), but our team wants to gather more information. Thanks in advance.
Onkeltom01
Basic Pleskian
I use Apache ModSecurity 2.9/OWASP (free)
Comodo (free) running on Apache (ModSecurity 2.9)
The behavior was confirmed as a bug with ID PPPM-15381. At the time being, I cannot suggest a workaround other than increasing
SecResponseBodyLimit. I will follow-up with more details as soon as our team decides what the best approach will be. Thank you for bringing our attention to the matter.
An update to @Azurel 's plausible suggestion to exclude the /plesk-stat/ directory from ModSecurity. To achieve this, one simple solution is to place the
part into the Tools & Settings > Security > Web Application Firewall (ModSecurity) > Settings > Custom directives. The setting will be written to the /etc/httpd/conf/plesk.conf.d/modsecurity.conf file that will be applied globally to all Apache virtual hosts on the next reload or restart of Apache. So it is not necessary to create the configuration for each individual domain, but if you want it applied, run
Code:
<Location "/plesk-stat/">
SecRuleEngine Off
</Location>part into the Tools & Settings > Security > Web Application Firewall (ModSecurity) > Settings > Custom directives. The setting will be written to the /etc/httpd/conf/plesk.conf.d/modsecurity.conf file that will be applied globally to all Apache virtual hosts on the next reload or restart of Apache. So it is not necessary to create the configuration for each individual domain, but if you want it applied, run
# service httpd reload after adding the part to the custom directives.Similar threads
