Resolved ModSecurity configuration files and directives remain on the server after its removal

[Jürgen_T]

Server operating system version

Ubuntu 22.04.5 LTS

Plesk version and microupdate number

Plesk Obsidian v18.0.64_build1800240913.11 os_Ubuntu 22.04

After some problems with Modsecurity I removed it using Plesk installer (web interface). This seemed to work and now it is indicated as removed



However in /etc/nginx/conf.d/ modsecurity.conf still exists with the following content:

#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
modsecurity on;
modsecurity_rules_file /etc/nginx/modsecurity.d/main.conf;

So it says Modsecurity is on and receives the configuration by .../main.conf what also exists in /etc/nginx/modsecurity.d/ Here you find the files:



Looking in the nginx protocolls I find the error "2024/09/19 18:39:48 [notice] 648077#0: ModSecurity-nginx v1.0.3 (rules loaded inline/local/remote: 0/2399/0)"

So, I suppose installing and removing modsecurity by plesk installer leave rests in the nginx configuration. Is this wanted or an issue?
However, is it safe to simply remove the modsecurity files/directories in the nginx configuration to get rid of the errors?

 

[Sebahat.hadzhi]

Thank you for the report. I was able to reproduce the issue. I am consulting with our team and I will update you shortly.

 

[Sebahat.hadzhi]

@Kulturmensch, our team confirmed the behavior as a bug with ID PPPM-14616. A fix will be introduced in one of the upcoming releases. I cannot provide any ETA for the time being.

In the meantime, there shouldn't be a problem to manually remove /etc/nginx/conf.d/modsecurity.conf and the entire /etc/nginx/modsecurity.d/ directory. If ModSecurity is installed again, they will be recreated.

Thank you once again for bringing the issue to our attention.

 

[Jürgen_T]

Thank you for checking this issue. I removed the modsecurity rests and found also modsecurity-files in each /var/www/vhosts/sytems/xxx.domain.tld/conf/
Just to complete the information. I removed all files with an impact to nginx and it works. Now the error has gone.

 

[Jürgen_T]

I just started to give modsecurity a second try but got this after re-installed it with plesk-installer:
modsecurity_ctl failed: START nginx_modules_ctl --no-restart --enable modsecuritynginx: [emerg] unknown directive "modsecurity" in /etc/nginx/conf.d/modsecurity.conf:5nginx: configuration file /etc/nginx/nginx.conf test failedNginx configuration after enable of 'modsecurity' is in invalid state, rollback the changeDer aktuelle ModSecurity Regelsatz kann nicht verwendet werden und die vorherige Version kann nicht wiederhergestellt werden, da beide ungültige Regeln enthalten.
Any idea how to get it work?

 

[Sebahat.hadzhi]

I am unable to find any similar cases and unfortunately, not quite sure what is causing the issue. If you have the option, please open a support ticket so our team could log into the server and check what might be triggering the error.