Question How to show logs for webmail.DOMAIN.com subdomain? Log section shows only logs for main domain

[Sebahat.hadzhi]

You can disable the rules globally or for a particular domain/subdomain. You can find detailed instructions here. I am not quite sure I was able to understand what you are implying to be a Plesk bug that needs to be fixed by the developers. Sorry. However, webmail being inaccessible while using the OWASP rule set is not a Plesk bug.

 

[jmar83]

no, to turn off webapp firewall for one (1) specific domain domain.com does not disabled it for webmail.domain.com

 

[jmar83]

so message on webmail.domain.com is still present

 

[jmar83]

when i disable webapp fw globally (so NOT domain-specific! Which means: on domain settings), the roundcube webmail on webmail.domain.com works.

 

[jmar83]

so what to do now?

- disable on domain level does not include webmail subdomain
- disabled webabb fw globally is not what i want
- to apply curstom settings via command line (custom settings text box) does not work either due of using nginx (instead of apache) or inactive/locked (not: "disabled") domain

 

[jmar83]

the only one way seems to set the rule to low security filtering on global settings, then the message is gone on webmail.domain.com / roundcube

 

[jmar83]

but that is not a solution, that is only a workaround that causes a security risk wtf...

 

[jmar83]

<implying to be a Plesk bug that needs to be fixed by the developers>

No, i just want to say that it should be possible to edit (maybe disable completly) the webapp firewall for webmai(.domain.com) subdomain - indepedent from main domain custom settings and global settings. I dont hope that is too complex to understand!

 

[jmar83]

And its also not a solution to exclude ~30 rule IDs globally (for every domain and subdomain) just because or webmail/horde... because that f**ks the security there

 

[jmar83]

???

 

[Sebahat.hadzhi]

The whole idea is to exclude ONLY the rule/s that are triggering the issue, not to disable ModSecurity on the entire server. You need to check the logs (Domains > example.com > Logs, and turn off all logs other than ModSecurity to see if there are any entries) and determine the Rule ID, which next needs to be excluded following the instructions I linked in one of my previous replies.

You can disable the rules globally or for a particular domain/subdomain. You can find detailed instructions here.

Lastly, I would like to kindly ask you to avoid using swear words on the Forum. We all want to keep the good tone here.

 

[jmar83]

OK - regarding https://support.plesk.com/hc/en-us/...*MTczNzU2MzI2MS4xNy4xLjE3Mzc1NjMzOTguNjAuMC4w

- When i disable OWASP rules #1 949110 and 959100 globally, it works - but that is for EVERY DOMAIN

- When i disable OWASP rules #1 949110 and 959100 for domain (www.)mydomain.com it does NOT work for webmail.mydomain.com


So you think this is correctly?

 

[Sebahat.hadzhi]

In theory, excluding the rule on a domain level should also affect webmail.domain.com. I can't say why exactly that's not working in this particular case. OWASP is a very restrictive set of rules and as the warning before enabling the ruleset indicates, it might cause issues with webmail, which is why it is not recommended. You can get in touch with our support team, so they can log into the server and review the logs, but please note that I cannot guarantee that they will be able to help as the configuration of the ruleset falls out of the scope of their expertise and it is usually something handled by clients.

 

[jmar83]

ok