Input OWASP triggered on legitimate traffic from Googlebot!

blueberry (Basic Pleskian)
I wanted to share a very bad thing that I found in my log today. A modsecurity rule of OWASP (WAF) was triggered on visits of Googlebot. I mean, come on, if OWASP is not able to tell the difference between an attacker and Googlebot, it makes no sense to install OWASP.


This is really something that I feared, and it happened. This means we can't trust these modsecurity rules. (You want to use modsecurity? Implement your custom rule sets.) You don't want to use modsecurity? There are plenty of other solutions to protect your website via htaccess, nginx and your CMS. We are in 2021, these free modsecurity rules have been around for a while now, and they still wonder whether Googlebot is an enemy? Come on, it is not serious!

So beware!

A) The OWASP CRS is known to be ultra-sensitive and produce false positives. If you're using the CRS by default, you should know this and the risks it entails. Most will use a custom or modified version of the CRS.

A1) The CRS was built to provide strict protection against the OWASP Top 10. Not to be compatible with your WP/Drupal/Custom/Website, so it does exactly that.

B) It doesn't look like the request was actually blocked. (w/ 403 / 404). The severity was a notice. There's no status code. Was the request blocked?

> they still wonder whether Googlebot is an enemy?
C) Again, as the systems administrator, it's your responsibility to test and adjust the rules. Don't want to do this? Atomicorp has a paid ModSec rule set.

> htaccess, nginx and your cms
D) ModSec is a regex engine that parses a library of regexes that match the request. That's all. If you think an htaccess provides the same level of protection you're sorely mistaken. NGINX uses, guess what, ModSec too (w/ Plesk at least). Ideally you want to block requests before they ever get to your applications.
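Point B above is the one to settle first: a ModSecurity "Warning" line with a NOTICE severity is a log entry, not a block. In anomaly-scoring mode every matching CRS rule writes such a line and only the final scoring rule writes an "Access denied with code 403" line. The script below is an added example, not code from the original post or from Plesk: it parses Apache 2.4 / ModSecurity 2.x error_log messages, groups them per request via the `unique_id` field, reports whether each request was actually denied, and lists the rule ids that fired so the administrator can review them before writing an exclusion. The sample log lines, client addresses, file paths, rule ids (1234xx) and messages are constructed for the example and are not real CRS rule numbers.

```python
"""Triage ModSecurity 2.x messages from an Apache error_log: for each request
(tied together by its unique_id) decide whether it was actually denied or only
logged, and collect the rule ids that fired so they can be reviewed."""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample lines in the Apache 2.4 / ModSecurity 2.x error_log format.
# Timestamps, clients, paths, rule ids and messages are invented for this
# example; they are not CRS rule numbers and not the original poster's log.
SAMPLE_LOG = "\n".join([
    '[Fri Apr 30 06:15:02.123456 2021] [:error] [pid 4242] [client 192.0.2.10:51234] '
    'ModSecurity: Warning. Matched phrase "crawler" at REQUEST_HEADERS:User-Agent. '
    '[file "/etc/modsecurity/illustrative.conf"] [line "12"] [id "123451"] '
    '[msg "Illustrative crawler user-agent rule"] [severity "NOTICE"] '
    '[hostname "www.example.com"] [uri "/robots.txt"] [unique_id "req-A"]',
    '[Fri Apr 30 06:15:03.000001 2021] [:error] [pid 4242] [client 198.51.100.7:40001] '
    'ModSecurity: Warning. Pattern match "illustrative" at ARGS:q. '
    '[file "/etc/modsecurity/illustrative.conf"] [line "20"] [id "123452"] '
    '[msg "Illustrative request-parameter rule"] [severity "CRITICAL"] '
    '[hostname "www.example.com"] [uri "/index.php"] [unique_id "req-B"]',
    '[Fri Apr 30 06:15:03.000002 2021] [:error] [pid 4242] [client 198.51.100.7:40001] '
    'ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. '
    '[file "/etc/modsecurity/illustrative.conf"] [line "40"] [id "123499"] '
    '[msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] '
    '[hostname "www.example.com"] [uri "/index.php"] [unique_id "req-B"]',
    # An ordinary httpd line with no ModSecurity content; the parser must skip it.
    '[Fri Apr 30 06:15:04.000000 2021] [core:notice] [pid 1] AH00094: Command line: /usr/sbin/httpd',
])

# "Warning." means the rule only logged; "Access denied with code NNN" means the
# engine actually stopped the request (the code is the HTTP status returned).
HEADER_RE = re.compile(
    r"\[client (?P<client>[^\]\s]+)\] ModSecurity: "
    r"(?:Access denied with code (?P<code>\d+)|Warning)"
)
# The bracketed key/value fields that follow the message text.
FIELD_RE = re.compile(r'\[(?P<key>id|msg|severity|uri|unique_id) "(?P<value>[^"]*)"\]')


@dataclass
class RequestVerdict:
    client: str
    uri: str = ""
    blocked: bool = False
    status: Optional[int] = None          # HTTP status used for the denial, if any
    rule_ids: list[str] = field(default_factory=list)
    messages: list[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[dict]:
    """Return the interesting fields of one ModSecurity line, or None for other lines."""
    m = HEADER_RE.search(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(line))
    client = m.group("client")
    if client.count(":") == 1:            # Apache 2.4 appends the source port to IPv4 clients
        client = client.split(":")[0]
    code = m.group("code")
    return {
        "client": client,
        "blocked": code is not None,
        "status": int(code) if code else None,
        "id": fields.get("id", "?"),
        "msg": fields.get("msg", ""),
        "severity": fields.get("severity", ""),
        "uri": fields.get("uri", ""),
        "unique_id": fields.get("unique_id", ""),
    }


def triage(log_text: str) -> dict[str, RequestVerdict]:
    """Group ModSecurity lines by request (unique_id) and decide blocked vs. logged-only."""
    verdicts: dict[str, RequestVerdict] = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        v = verdicts.setdefault(ev["unique_id"], RequestVerdict(client=ev["client"], uri=ev["uri"]))
        v.rule_ids.append(ev["id"])
        v.messages.append(f'{ev["severity"] or "-"}: {ev["msg"]}')
        if ev["blocked"]:                 # one denial line is enough to mark the request blocked
            v.blocked = True
            v.status = ev["status"]
    return verdicts


def report(verdicts: dict[str, RequestVerdict]) -> list[str]:
    """One human-readable line per request: who, what, blocked or not, which rules fired."""
    out = []
    for uid, v in verdicts.items():
        state = f"BLOCKED (HTTP {v.status})" if v.blocked else "logged only, not blocked"
        rules = ", ".join(v.rule_ids)
        out.append(f"{uid}: {v.client} {v.uri} -> {state}; rules fired: {rules}")
    return out


if __name__ == "__main__":
    for line in report(triage(SAMPLE_LOG)):
        print(line)
```

Run against a real error_log, the report shows which entries were only notices (req-A in the sample, the kind of line the original post shows) and which were real denials (req-B). Cross-check a denial against the access log: the same request should show the status from the denial line. Only for a confirmed false positive do the listed rule ids become candidates for a `SecRuleRemoveById` exclusion placed after the CRS include, scoped to the rule and path that misfired; an exclusion keyed on the User-Agent string alone rests on a client-supplied header, so it is not a sound basis for skipping rules.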
 
From the Plesk ModSecurity configuration page:
"OWASP ModSecurity Core Rule Set is very restrictive and might block some functions (for example, file sharing, webmail) and some features of web applications (for example, WordPress plugins)."
You have been warned ;-)