• Inviting everyone who uses WordPress management tools in Plesk
    The Plesk team is conducting a 60-minute research session that includes an interview and a moderated usability test.
    To participate, please use this link .
    Your experience will help shape product decisions and ensure the tools better support real-world use cases.

Issue ModSecurity / Imunify360 WAF rules update warning on LiteSpeed server

T

Thomas Oryon

Basic Pleskian
Server operating system version
Redhat linux
Plesk version and microupdate number
18.0.73
Hello Plesk Support Team,

We are receiving the below warning on our Plesk server:

+++
WARNING [2026-03-18 07:10:04,744] im360.subsys.panels.plesk.mod_security: Plesk doesn't support uninstalling rulesets.
WARNING [2026-03-18 07:10:14,881] im360.subsys.update_hooks: App based rules not updated: WAF rules configuration supports only apache webserver with version >= 2.4 or apache2nginx and ModSecurity 2
WARNING [2026-03-18 07:14:50,868] im360.subsys.panels.plesk.mod_security: Plesk doesn't support uninstalling rulesets.
WARNING [2026-03-18 07:15:00,906] im360.subsys.update_hooks: App based rules not updated: WAF rules configuration supports only apache webserver with version >= 2.4 or apache2nginx and ModSecurity 2
+++

From the log message, it appears that the app-based WAF rules are not being updated because the current WAF configuration supports only Apache 2.4+ or Apache + Nginx with ModSecurity 2.

Our concern is that this server is using LiteSpeed, and it seems that LiteSpeed may not be compatible with Imunify360 WAF app-based rules under Plesk.

Could you please confirm the following:
  1. Whether LiteSpeed is officially compatible with Imunify360 WAF / app-based rules in Plesk.
  2. Whether this warning is expected in a LiteSpeed environment.
  3. Whether Plesk recommends any supported workaround or configuration change for this setup.
  4. Whether we should ignore this warning if LiteSpeed is being used intentionally with Imunify360.
Please let us know your advice on the supported and recommended configuration for this environment.

Awaiting your reply.
 
It looks like these warnings are coming from Imunify360’s Plesk integration and are expected when the server is running LiteSpeed. Imunify360’s app-based WAF rules updates in Plesk only support Apache 2.4+ (or Apache+Nginx via apache2nginx) with ModSecurity 2, so in a LiteSpeed environment the app-based rules won’t be updated/applied.

LiteSpeed can still be used intentionally, but you should treat this as confirmation that Imunify360 app-based WAF rules are not supported/managed on this stack. If you need those Imunify360 app-based rules, the recommended/supported workaround is to use a supported Apache + ModSecurity 2 setup; if you want to stay on LiteSpeed, you can ignore the warning as long as you’re relying on LiteSpeed/WAF rules (or other protections) instead of Imunify360 app-based rules.
 
You must log in or register to reply here.

Similar threads

WebHostingAce
Question WAF (ModSecurity)
Replies
16
Views
2K
WebHostingAce
WebHostingAce
L
Resolved Unable to start Web Application Firewall (ModSecurity) – “Failed to download tortix rule set”
Replies
6
Views
3K
jvaron
J
I
Input Hardening Plesk with AbuseIPDB
Replies
2
Views
2K
iainh
I
T
Apache2 ModSec Error - Apache2 fails to start and AH00111 error
Replies
1
Views
3K
Peter Debik
P
M
Issue Failed to update ModSecurity ruleset: modsecurity_ctl failed: gpg: key 4520AFA9: "Atomicorp (Atomicorp Official Signing Key) <[email protected]>"
Replies
0
Views
2K
muhammad.faraz
M
Back
Top