• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question modsecurity

K

Knutsford

New Pleskian
--0c650000-F--
HTTP/1.1 500 Internal Server Error

--0c650000-H--
Message: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "C:\/Program Files (x86)/Plesk/ModSecurity/rules/modsecurity_crs-plesk/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1367"] [id "920320"] [msg "Missing User Agent Header"] [severity "NOTICE"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [tag "paranoia-level/2"]
Apache-Handler: IIS
Stopwatch: 1724281202854194 532436 (- - -)
Stopwatch2: 1724281202854194 532436; combined=0, p1=0, p2=0, p3=0, p4=0, p5=0, sr=0, sw=0, l=0, gc=0
Producer: ModSecurity for IIS (STABLE)/2.9.7 (GitHub - owasp-modsecurity/ModSecurity: ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. OWASP_CRS/3.3.5.
Server: ModSecurity Standalone
Engine-Mode: "DETECTION_ONLY"


The designer I work with has got a new server and upgraded the PHP and it seems to be causing problems. Does anyone know what this means please? He has put the PHP back to the old version and it doesn't appear and our PayPal tests worked every time when we did. It seemed to be causing problems with returns from PayPal.
 
That indicates that the requests are flagged by the ModSecurity system as suspicious. The rule you are triggering is indemnified with the ID in the error [id "920320"]. You can exclude the rule from the Firewall by following the instructions in this guide.
 
Knutsford said:
--0c650000-F--
HTTP/1.1 500 Internal Server Error

--0c650000-H--
Message: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "C:\/Program Files (x86)/Plesk/ModSecurity/rules/modsecurity_crs-plesk/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1367"] [id "920320"] [msg "Missing User Agent Header"] [severity "NOTICE"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [tag "paranoia-level/2"]
Apache-Handler: IIS
Stopwatch: 1724281202854194 532436 (- - -)
Stopwatch2: 1724281202854194 532436; combined=0, p1=0, p2=0, p3=0, p4=0, p5=0, sr=0, sw=0, l=0, gc=0
Producer: ModSecurity for IIS (STABLE)/2.9.7 (GitHub - owasp-modsecurity/ModSecurity: ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. OWASP_CRS/3.3.5.
Server: ModSecurity Standalone
Engine-Mode: "DETECTION_ONLY"


The designer I work with has got a new server and upgraded the PHP and it seems to be causing problems. Does anyone know what this means please? He has put the PHP back to the old version and it doesn't appear and our PayPal tests worked every time when we did. It seemed to be causing problems with returns from PayPal.
Click to expand...
Thanks I will pass it on
 
You must log in or register to reply here.

Similar threads

N
Resolved ModSecurity / WCF call / 403
Replies
2
Views
2K
newbe
N
ic3_2k
Issue Problem with Modsecurity 2.9. Error: Could not set variable "ip.brute_force_counter" and Could not set variable "ip.xmlrpc_counter" as the collection
Replies
1
Views
547
Peter Debik
P
R
Issue Problem with web application firewall - file extension is restricted by policy
Replies
3
Views
1K
Linulex
Linulex
S
Resolved FORBIDDEN ACCESS
Replies
2
Views
3K
soliu
S
Azurel
Issue ModSecurity: Issue with Comodo rules set?
Replies
1
Views
2K
Azurel
Azurel
Back
Top