plesk-roundcube webmail.domainname fails to log in

[TonyDas]

Hi

Since this morning users are not able to log into webmail when they type in the webmail URL. The login screen is there but when an email address and press login they are presented with a page that says "Testing 123..."

The URL in the browser is https://webmail.domain/?_task=login but it should probably redirect to https://webmail.domain/roundcube/?_task=login

Was there a plesk update last night as this was still working yesterday. How can this be fixed?

 

[hebeyer]

Nearly the same here with horde webmail. The loginscreen ist there, but when I try to login with emailadress and password and click the loginbutton there comes the following message:

Forbidden

You don't have permission to access /login.php on this server.

Apache Server at webmail.xxxxxxxxxx.de Port 80

 

[hebeyer]

Problem solved for me: ModSecurity with comodo was the cause. I changed "Predefined set of values" in Plesk to "Fast". Now login into webmail via Horde/Roundcube works again.

 

[SGISoft]

Hello,
In my case I have deactivated the "Generic" filter and it has worked again. The filter that is activated in this case is:

Message: Access denied with code 403 (phase 2). Pattern match "(?:'\\xbf?\\x22|\\x22\\xbf?'|^\\+?$)" at ARGS_POST:app. [file "/etc/apache2/modsecurity.d/rules/comodo/02_Global_Generic.conf"] [line "199"] [id "211290"] [rev "3"] [msg "COMODO WAF: XSS and SQLi vulnerability||webmail.xxxxx.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"]
Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client xxxxx] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:'\\\\\\\\xbf?\\\\\\\\x22|\\\\\\\\x22\\\\\\\\xbf?'|^\\\\\\\\+?$)" at ARGS_POST:app. [file "/etc/apache2/modsecurity.d/rules/comodo/02_Global_Generic.conf"] [line "199"] [id "211290"] [rev "3"] [msg "COMODO WAF: XSS and SQLi vulnerability||webmail.xxxxx.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.xxxxx.com"] [uri "/login.php"] [unique_id "xxxxx"]
Action: Intercepted (phase 2)
Apache-Handler: fcgid-script
Stopwatch: 1561454267973633 2442 (- - -)
Stopwatch2: 1561454267973633 2442; combined=1224, p1=355, p2=836, p3=0, p4=0, p5=33, sr=0, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.2 (ModSecurity: Open Source Web Application Firewall CWAF_Apache.
Server: Apache
Engine-Mode: "ENABLED"

The question is: Are you going to get an update in Horde or Plesk so you do not have to disable filters or reduce the operation of Modsecurity ?, since deactivating filters or using the "Fast" option is not the best option to solve a problem.
Thank you.

 

[GerdSchrewe]

Same problem since this morning.
2 V-Server with Plesk 17.8 Update 58 on Ubuntu 18.04.
No webmail login possible.
Mod Sec switched to "detection only" and unlocked locked Ips.
Webmail login posssible.

Like SGI Soft says (Thanx a lot)... deactivated the "Generic" filter works too instaed of "detection only"