• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved ModSecurity configuration files and directives remain on the server after its removal

Kulturmensch

Kulturmensch

Regular Pleskian
Server operating system version
Ubuntu 22.04.5 LTS
Plesk version and microupdate number
Plesk Obsidian v18.0.64_build1800240913.11 os_Ubuntu 22.04
After some problems with Modsecurity I removed it using Plesk installer (web interface). This seemed to work and now it is indicated as removed

1726818461663.png

However in /etc/nginx/conf.d/ modsecurity.conf still exists with the following content:
#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
modsecurity on;
modsecurity_rules_file /etc/nginx/modsecurity.d/main.conf;
Click to expand...

So it says Modsecurity is on and receives the configuration by .../main.conf what also exists in /etc/nginx/modsecurity.d/ Here you find the files:

1726818544261.png

Looking in the nginx protocolls I find the error "2024/09/19 18:39:48 [notice] 648077#0: ModSecurity-nginx v1.0.3 (rules loaded inline/local/remote: 0/2399/0)"

So, I suppose installing and removing modsecurity by plesk installer leave rests in the nginx configuration. Is this wanted or an issue?
However, is it safe to simply remove the modsecurity files/directories in the nginx configuration to get rid of the errors?
 
@Kulturmensch, our team confirmed the behavior as a bug with ID PPPM-14616. A fix will be introduced in one of the upcoming releases. I cannot provide any ETA for the time being.

In the meantime, there shouldn't be a problem to manually remove /etc/nginx/conf.d/modsecurity.conf and the entire /etc/nginx/modsecurity.d/ directory. If ModSecurity is installed again, they will be recreated.

Thank you once again for bringing the issue to our attention.
 
Thank you for checking this issue. I removed the modsecurity rests and found also modsecurity-files in each /var/www/vhosts/sytems/xxx.domain.tld/conf/
Just to complete the information. I removed all files with an impact to nginx and it works. Now the error has gone.
 
You must log in or register to reply here.

Similar threads

O
Issue ModSecurity 3.0 + OWASP | Geo2ip lite
Replies
0
Views
621
othmaqsa
O
P
Issue Restoring backup on a new server fails always
Replies
2
Views
555
Kaspar@Plesk
Kaspar@Plesk
Bitpalast
Forwarded to devs Update to 18.0.63 #4 removed /etc/fail2ban/jail.local, crashed Fail2Ban
Replies
3
Views
618
Sebahat.hadzhi
Sebahat.hadzhi
S
Apache does not apply .htaccess directives for certain files after migration through Plesk Migrator
Replies
2
Views
727
NewGate
N
G
Issue AH01574 - New configuration files for the Apache web server - No matches for the wildcard '*asl*.conf
Replies
0
Views
580
gmadkins
G
Back
Top