
Issue ModSecurity / Imunify360 WAF rules update warning on LiteSpeed server

Thomas Oryon

Regular Pleskian
Server operating system version: Redhat linux
Plesk version and microupdate number: 18.0.73

Hello Plesk Support Team,

We are receiving the below warning on our Plesk server:

+++
WARNING [2026-03-18 07:10:04,744] im360.subsys.panels.plesk.mod_security: Plesk doesn't support uninstalling rulesets.
WARNING [2026-03-18 07:10:14,881] im360.subsys.update_hooks: App based rules not updated: WAF rules configuration supports only apache webserver with version >= 2.4 or apache2nginx and ModSecurity 2
WARNING [2026-03-18 07:14:50,868] im360.subsys.panels.plesk.mod_security: Plesk doesn't support uninstalling rulesets.
WARNING [2026-03-18 07:15:00,906] im360.subsys.update_hooks: App based rules not updated: WAF rules configuration supports only apache webserver with version >= 2.4 or apache2nginx and ModSecurity 2
+++

From the log message, it appears that the app-based WAF rules are not being updated because the current WAF configuration supports only Apache 2.4+ or Apache + Nginx with ModSecurity 2.

Our concern is that this server is using LiteSpeed, and it seems that LiteSpeed may not be compatible with Imunify360 WAF app-based rules under Plesk.

Could you please confirm the following:
  1. Whether LiteSpeed is officially compatible with Imunify360 WAF / app-based rules in Plesk.
  2. Whether this warning is expected in a LiteSpeed environment.
  3. Whether Plesk recommends any supported workaround or configuration change for this setup.
  4. Whether we should ignore this warning if LiteSpeed is being used intentionally with Imunify360.
Please let us know your advice on the supported and recommended configuration for this environment.

Awaiting your reply.
 
It looks like these warnings are coming from Imunify360’s Plesk integration and are expected when the server is running LiteSpeed. Imunify360’s app-based WAF rules updates in Plesk only support Apache 2.4+ (or Apache+Nginx via apache2nginx) with ModSecurity 2, so in a LiteSpeed environment the app-based rules won’t be updated/applied.

LiteSpeed can still be used intentionally, but you should treat this as confirmation that Imunify360 app-based WAF rules are not supported/managed on this stack. If you need those Imunify360 app-based rules, the recommended/supported workaround is to use a supported Apache + ModSecurity 2 setup; if you want to stay on LiteSpeed, you can ignore the warning as long as you’re relying on LiteSpeed/WAF rules (or other protections) instead of Imunify360 app-based rules.
 
Hello Xheni,

Thanks for the update. When we use LiteSpeed, we receive the attached error in Imunify. How can we resolve or hide this error in the Plesk Imunify panel?

Awaiting your reply.
 

Hello Thomas,

Thank you for the screenshot.

This warning is coming from Imunify360 because it detects that the ModSecurity/WAF ruleset is not being updated to the latest version. In a LiteSpeed environment, Imunify360’s WAF/app-based rules management (ModSecurity 2 + Apache stack) is typically not supported/fully manageable via Plesk, so the panel may continue to show “Server is unprotected / ruleset is outdated” even though LiteSpeed is being used intentionally.

To resolve the warning (supported options):
1) Use a supported WAF stack for Imunify360 ruleset management: Apache 2.4+ (or Apache+Nginx via apache2nginx) with ModSecurity 2, and enable ruleset auto-updates in Imunify360.
OR
2) If we keep LiteSpeed, we should rely on LiteSpeed’s WAF/security (or another supported WAF) and treat Imunify360 WAF/app-based rules as not applicable on this server.

Regarding “hiding” the warning:
If LiteSpeed is kept, there usually isn’t a clean Plesk-side option to suppress this specific Imunify360 protection-status message without disabling the related WAF/ruleset checks/features in Imunify360. Please advise if there is an officially supported way in Plesk/Imunify to disable only this WAF ruleset status check in the UI while keeping other Imunify features enabled.
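
Added example, not part of the thread and not Plesk or Imunify360 code: a small Python triage script for the warning format quoted in the first post. It groups repeated records and reports whether the "App based rules not updated" warning is still being logged, which is the check to rerun after moving to a supported Apache + ModSecurity 2 stack. The labels, the function names and the extra INFO line are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta

# The four WARNING lines are the ones quoted in the thread; the INFO line is
# constructed (hypothetical logger name) to show unrelated records stay separate.
SAMPLE_LOG = """\
+++
WARNING [2026-03-18 07:10:04,744] im360.subsys.panels.plesk.mod_security: Plesk doesn't support uninstalling rulesets.
WARNING [2026-03-18 07:10:14,881] im360.subsys.update_hooks: App based rules not updated: WAF rules configuration supports only apache webserver with version >= 2.4 or apache2nginx and ModSecurity 2
WARNING [2026-03-18 07:14:50,868] im360.subsys.panels.plesk.mod_security: Plesk doesn't support uninstalling rulesets.
WARNING [2026-03-18 07:15:00,906] im360.subsys.update_hooks: App based rules not updated: WAF rules configuration supports only apache webserver with version >= 2.4 or apache2nginx and ModSecurity 2
INFO [2026-03-18 07:15:01,002] example.constructed.logger: unrelated record
+++
"""

LINE_RE = re.compile(
    r"^(?P<level>[A-Z]+) \[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d{3}\] "
    r"(?P<logger>[\w.]+): (?P<msg>.*)$"
)

# Message fragments copied from the thread's excerpt; the labels are this example's own.
KNOWN = {
    "App based rules not updated": "waf_rules_not_updated",
    "Plesk doesn't support uninstalling rulesets": "ruleset_uninstall_unsupported",
}

def summarize(text):
    """Group records by (logger, label) with a count and first/last timestamps."""
    groups = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # "+++" delimiters, blank lines, continuation lines
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        label = next((v for k, v in KNOWN.items() if k in m["msg"]), "other")
        g = groups.setdefault((m["logger"], label), {"count": 0, "first": ts, "last": ts})
        g["count"] += 1
        g["first"], g["last"] = min(g["first"], ts), max(g["last"], ts)
    return groups

def still_recurring(groups, label, now, max_age=timedelta(hours=1)):
    """True if any record with this label was logged within max_age before now."""
    return any(lbl == label and now - g["last"] <= max_age
               for (_, lbl), g in groups.items())

if __name__ == "__main__":
    for (logger, label), g in summarize(SAMPLE_LOG).items():
        print(f"{label:32} x{g['count']}  {g['first']} .. {g['last']}  ({logger})")
```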
 