• The APS Catalog has been deprecated and removed from all Plesk Obsidian versions.
    Applications already installed from the APS Catalog will continue working. However, Plesk will no longer provide support for APS applications.
  • Please be aware: with the Plesk Obsidian 18.0.78 release, the support for the ngx_pagespeed.so module will be deprecated and removed from the sw-nginx package.

Question How to show logs for webmail.DOMAIN.com subdomain? Log section shows only logs for main domain

You can disable the rules globally or for a particular domain/subdomain. You can find detailed instructions here. I am not quite sure I was able to understand what you are implying to be a Plesk bug that needs to be fixed by the developers. Sorry. However, webmail being inaccessible while using the OWASP rule set is not a Plesk bug.
 
no, to turn off webapp firewall for one (1) specific domain domain.com does not disabled it for webmail.domain.com

1736970634862.png
 
when i disable webapp fw globally (so NOT domain-specific! Which means: on domain settings), the roundcube webmail on webmail.domain.com works.

1736970860310.png
 
so what to do now?

- disable on domain level does not include webmail subdomain
- disabled webabb fw globally is not what i want
- to apply curstom settings via command line (custom settings text box) does not work either due of using nginx (instead of apache) or inactive/locked (not: "disabled") domain
 
the only one way seems to set the rule to low security filtering on global settings, then the message is gone on webmail.domain.com / roundcube
1736971231154.png
 

Attachments

  • 1736971211000.png
    1736971211000.png
    31.1 KB · Views: 1
<implying to be a Plesk bug that needs to be fixed by the developers>

No, i just want to say that it should be possible to edit (maybe disable completly) the webapp firewall for webmai(.domain.com) subdomain - indepedent from main domain custom settings and global settings. I dont hope that is too complex to understand!
 
And its also not a solution to exclude ~30 rule IDs globally (for every domain and subdomain) just because or webmail/horde... because that f**ks the security there
 
The whole idea is to exclude ONLY the rule/s that are triggering the issue, not to disable ModSecurity on the entire server. You need to check the logs (Domains > example.com > Logs, and turn off all logs other than ModSecurity to see if there are any entries) and determine the Rule ID, which next needs to be excluded following the instructions I linked in one of my previous replies.

Sebahat.hadzhi said:
You can disable the rules globally or for a particular domain/subdomain. You can find detailed instructions here.
Click to expand...

Lastly, I would like to kindly ask you to avoid using swear words on the Forum. We all want to keep the good tone here.
 
In theory, excluding the rule on a domain level should also affect webmail.domain.com. I can't say why exactly that's not working in this particular case. OWASP is a very restrictive set of rules and as the warning before enabling the ruleset indicates, it might cause issues with webmail, which is why it is not recommended. You can get in touch with our support team, so they can log into the server and review the logs, but please note that I cannot guarantee that they will be able to help as the configuration of the ruleset falls out of the scope of their expertise and it is usually something handled by clients.
 
jmar83 said:
OK - regarding https://support.plesk.com/hc/en-us/...*MTczNzU2MzI2MS4xNy4xLjE3Mzc1NjMzOTguNjAuMC4w

- When i disable OWASP rules #1 949110 and 959100 globally, it works - but that is for EVERY DOMAIN

- When i disable OWASP rules #1 949110 and 959100 for domain (www.)mydomain.com it does NOT work for webmail.mydomain.com


So you think this is correctly?
Click to expand...

Fully disabling OWASP for a subdomain( e.g. webmail.*) is easy:

SecRule REQUEST_HEADERS:Host "@beginsWith webmail." \
"id:1001010,\
phase:1,\
pass,\
nolog,\
setvar:tx.webmail_roundcube=1"

SecRule TX:webmail_roundcube "@eq 1" \
"id:1001011,\
phase:1,\
pass,\
nolog,\
ctl:ruleRemoveByTag=OWASP_CRS"

Paste these 2 rules into additional global modsec rules.

Only disabling SOME of the rules depending on conditions however is the issue I am trying to solve.

There is an officially tested OWASP plugin (GitHub - EsadCetiner/roundcube-rule-exclusions-plugin: OWASP CRS 3rd party plugin for Roundcube webmail) for roundcube that disables certain rules, while keeping others enabled for roundcube.

However, the plugin uses a relative path like / or /roundcube/, not a subdomain or whatever internal URL (re)-writing that might go on within Plesk for roundcube.

With the Comodo ruleset basically stagnant, and Atomicorp free being very basic, it would be cool if at least the apps that come with / are supported by Plesk, like Roundcube, are made compatible with the OWASP ruleset by Plesk, maybe by maintaining a conditional whitelist like the plugin does. Because, otherwise, if integral services like webmail stop working when using this ruleset, it’s either quite useless or quite unsafe, if the „solution“ is to disable triggered rules globally.
 
You must log in or register to reply here.

Similar threads

Azurel
Resolved AWStats shows only “Not viewed traffic”, normal traffic stays at 0
Replies
2
Views
632
Azurel
Azurel
N
Issue 421 Misdirected Request on Apache-only Plesk server after recent Apache update (CVE-2025-23048)
Replies
2
Views
7K
NatuurlijkHosting
N
V
Issue Webmail (Roundcube) returns 500 error due to forced OS PHP 7.4 FastCGI instead of Plesk PHP handler
Replies
10
Views
2K
Sebahat.hadzhi
Sebahat.hadzhi
G J Piper
Resolved SSL It! Let's Encrypt Not Issuing Certificate on MX-only Domain
Replies
8
Views
3K
G J Piper
G J Piper
C
Resolved Error 500 after changing from temporary .plesk.page to a real domain
Replies
2
Views
2K
celebrir
C
Back
Top