Question How to show logs for webmail.DOMAIN.com subdomain? Log section shows only logs for main domain

[jmar83]

Server operating system version

Debian 10.13

Plesk version and microupdate number

18.0.66 Update #1

How to show logs for webmail.DOMAIN.com subdomain? I have a problem with roundcube webmail (shows me a http 403 instead to list the mails in the web GUI)

Log section shows only logs for main domain, but not for subdomains so it seems...

Thank you very much for your feedback(s).

 

[jmar83]

Hmmm... yes, now i disabled the OWASP Webapp firewall on global settings (which means webapp firewall generally disabled) and now it works.

So: How to exclude the problematic rules for webmail.domain.com but not for domain.com?

And: So it seems, i can't use custom domain settings (on URL https://my-server.com:8443/smb/web/web-server-settings/id/[WEBSITE_ID]) because the domain is locked (not "disabled", otherwise i would not be able to use the mail system anymore)

 

[jmar83]

this:

<LocationMatch "/roundcube/">
SecRuleEngine Off
</LocationMatch>

https://support.plesk.com/hc/en-us/articles/12377735134743-Webmail-is-not-working-on-a-Plesk-server-when-ModSecurity-with-OWASP-or-Comodo-rule-set-is-enabled-Error-when-communicating-with-the-server

View attachment 27692

 

[jmar83]

UPDATE:
now i saw that domin.com/roundcube is not present - and also not domain.com/webmail. my system uses webmail.domain.com

 

[Sebahat.hadzhi]

Where are you trying to add the rule, please? It should be under Custom directives in Tools & Settings > Web Application Firewall (ModSecurity) > Settings rather than the domain/subdomain itself.

 

[jmar83]

Thank you very much for your feedback. So: What do i need to add here to exclude OWASP webapp firewall for webmail.domain-a.com, webmail.domain-b.com, webmail.domain-c.com, ...

 

[Sebahat.hadzhi]

Please add only the following value there:

<LocationMatch "/roundcube/">
SecRuleEngine Off
</LocationMatch>

If the issue continues, let us know.

 

[jmar83]

doesn't work so it seems

 

[jmar83]

so i already said, on my plesk server roundcube is NOT on domain.com/webmail - it's on webmail.domain.com. (and no, i changed nothing on default configuration. i don't know on which plesk version roundcube is on /webmail URL path?)

 

[Sebahat.hadzhi]

For this particular rule it does not matter what domain/subdomain you are using. The default webmail URI should start with /roundcube/, which is what the rule is aimed at. However, it looks like you are using NGINX-based ModSecurity rule set. So, let's try blocking the rule causing the issue. Please check /var/log/modsec_audit.log for any ModSecurity entries matching webmail.domain.com. If there are any matches you can locate the rule ID and disable it as per this guide.

 

[jmar83]

ok so now i changed to apache based modsec ruleset, not the apache config intrustions was saved but they are red and it still does not work

 

[jmar83]

why?

 

[jmar83]

Comodo is not an option because the ruleset update fails almost everytime

 

[Sebahat.hadzhi]

If the issue is ModSecurity related, it possible for the request to be blocked excluding 'roundcube' from the URI. This is something that you should be able to verify in the logs. Could you please check /var/log/modsec_audit.log for any entries matching webmail.domain.com?

 

[jmar83]

There is a list somewhere in the WWW with all rule IDs i have to disable (but i don't have the URL yet, need to search it) - so please just explain me to to apply there rules for domain webmail.domain.com... (on the main domain page, these subdomain does not seems to apply when i configure it on apache "custom settings")

 

[jmar83]

(The rule IDs are useless when i can't apply them in plesk GUI... so i firstly need to know how to apply them before i search for that rule IDs... otherwise, its a waste of time i.m.o...)

 

[jmar83]

now i asked ChatGPT for the rules / config instructions... but when i apply them on custom domain settings, i just get an error message

 

[jmar83]

with "custom domain settings" i meant that:

https://domain.com:8443/smb/web/web-server-settings/id/[DOMAIN_ID]

 

[jmar83]

So you see, the domain is locked for some reasons (which means website is not available anymore, but mail system still works)

So i think, the apache custom settings will not match anymore when the domain is locked - right? And also because of that the instructions config will result on a error AH00526

 

[jmar83]

I think the problem is "by design" in Plesk so it should be fixed/solved by the Plesk developer team - right!?