• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue ModSecurity with Atomic Basic Rule Set appear be not working

WebHostingAce

Silver Pleskian
Server operating system version
CentOS 7
Plesk version and microupdate number
Version 18.0.53 Update #2
Hi,

I'm using ModSecurity with Atomic Basic Rule Set across number of servers.

Recently I have noticed the ModSecurity is not responding to any of these test explained this is support article.


Upon checking on the ModSecurity Logs, they are empty for last 7 days (Rotated).

By turning off and turn back on fix the issue and the ModSecurity is reponding to the tests as expect.

Thank you.
 
Maybe a previous update failed that caused this situation. Thank you for providing the solution to toggle ModSecurity off/on. Can I then set this entry to "resolved"?
 
Hi,

A couple of days ago I noticed modsec_audit.log was empty as well as all the past week's logs after using Atomic's paid rules.
Please notice that this server was a casualty from Atomic's rules mistake past month and had been running Comodo's rules till the end of june when the paid-for Atomic rules were accepted again (could not make them work for 2 or 3 weeks after the error was suppousedly corrected).

After looking around and not finding anything really convincing related to this, followed the manual's advice:
Caution (Linux): If you select the Atomic ruleset, perform the following procedure to ensure that ModSecurity works fine. Run the aum -u command on the server. The Plesk modsecurity package will be replaced by that from the Atomic repository. Then run the following commands:

  • plesk sbin modsecurity_ctl --disable
  • plesk sbin modsecurity_ctl --enable
  • service httpd restart

That made it.
Log started filling again.
Hope this helps
Regards
 
@jorge ceballos Thank you.

It seems to be keeps happening. After updating the AUM then disabled and enabled ModSecurity.

After a day or two logs are empty again.

Have you checked your logs again?
Hi,

Thanks for noticing, you are right. Same thing over here.
Dont really know if ModSec stops working, but logs definitely stop filling.

The issue continues then.
 
Same here, every night it stops working, I have to restart the waf every morning.
It's frustrating, wafs have been having problems for months.
I have the paid version of Atomicorp.
 
Hi,

Same behavior here.
By the log file hour, modSec stops responding daily at logs rotation - ( 4.00 am + minutes )

In the meanwhile as a temp solution, set a cron to run the AUM update, disable, enable modsec and restart apache.

Hopefully this may be corrected in a future update.

Regards
 
Back
Top