• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Issue Lots of ongoing issues with the default Comode ModSecurity ruleset

Bitpalast

Bitpalast

Plesk addicted!
Plesk Guru
It's not a bug, but it's a bit annoying.:On Obsidian no day passes on which we don't get a call or support ticket from a customer who is blocked by fail2ban because his website offended some Comodo basic ModSecurity rule. We have seen it on Wordpress websites frequently when customers simply use the Wordpress editor, we've also seen it in shop systems. We have also seen it in Nextcoud installations.

It is always these two rules:
210710
214930
and sometimes a third, that may vary.

So basically one can say: If these are not added to the exception list of the "Web Application Firewall" icon, most customers will sooner or later run into problems with accessing their sites, because they will be blocked by fail2ban responding to ModSecurity 403 blocks in the webserver log files. It might be a good idea for Plesk staff to check into these rules and consider disabling them by default. It's not feasible to have rules in place who frequently act against their own website operators.

The same issues are not occuring with the Atomic basic rule set on Onyx systems.
 
This seems to be a bigger issue than what we originally thought. We are now also seeing it on other software, for example Shopware. It's always rules 210710 and 214930.
 
Last edited:
We are facing the exact same issues with the two rules 210710 and 214930 on a new Plesk server. Many legitimate requests are being blocked. We just updated a couple of days ago from an older Plesk version where ModSecurity was not enabled.
 
Now reported in

Forwarded to devs - Recurring issues in all websites with ModSecurity ruleset

User name: Peter Debik TITLE Recurring issues in all websites with ModSecurity ruleset PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE Obsidian, latest MU, CentOS 7.8 PROBLEM DESCRIPTION The ModSecurity default basic rules keep blocking website users as described in this thread...
talk.plesk.com talk.plesk.com
because its just too much support cases and trouble for customers.
 
You must log in or register to reply here.

Similar threads

brother4
Question Why isn't xmlrpc.php monitored by the WordPress jail in Fail2Ban?
Replies
8
Views
2K
Maarten
M
Bitpalast
Forwarded to devs Recurring issues in all websites with ModSecurity ruleset
Replies
8
Views
4K
ahoi
A
Bitpalast
Issue ModSecurity lately feels offended by Wordpress in several customer installations, is triggered by rule 222212
Replies
6
Views
4K
bachit
B
P
Issue Connection issues from one ISP
Replies
12
Views
3K
Apofhiz21
A
Azurel
Issue ModSecurity: Issue with Comodo rules set?
Replies
1
Views
3K
Azurel
Azurel
Back
Top