
plesk-stat and mod_security????

Discussion in 'Plesk for Linux - 8.x and Older' started by ACID25, Jun 24, 2008.

  1. ACID25

    ACID25 Guest

     
    Hi

    I installed mod_security on some of our servers and I know the Plesk statistics are no longer available. I found this in the domain's error_log file:


    [Tue Jun 24 14:53:49 2008] [error] [client 217.XXX.XXX.XXX] ModSecurity: Access denied with code 404 (phase 4). Pattern match "\\b(?:Th(?:is (?:summary was generated by.{0,100}?(?:w(?:ebcruncher|wwstat)|analog|Jware)|analysis was produced by.{0,100}?(?:calamaris|EasyStat|analog)|report was generated by WebLog)|ese statistics were produced by (?:getstats|PeLAB))|[gG]enerated by. ..." at RESPONSE_BODY. [file "/etc/httpd/modsecurity/modsecurity_crs_50_outbound.conf"] [line "19"] [id "970002"] [msg "Statistics Information Leakage"] [severity "WARNING"] [hostname "domain.tld"] [uri "/plesk-stat/webstat/index.html"] [unique_id "DSc91H8AAAEAADyBNgkAAAAN"]

    So what can I do to make the statistics available again? But I don't want to delete the rule that prevents access to the index.html file. Access should be possible without password access.

    So what can I do?

    THX for help in advance and kind regards
    ACID25
     
  2. ib1984

    ib1984 Basic Pleskian

    ACID25, just edit the rules for mod_security in /etc/httpd/modsecurity/modsecurity_crs_50_outbound.conf and remove the particular rule which blocks the statistics pages (the id of the rule is '970002'; it's on line 19, judging by the error message) and restart Apache. This should help.

    Some sets of rules for mod_security are insanely inadequate ;)
     
  3. atomicturtle

    atomicturtle Golden Pleskian

    We maintain Plesk rules in ASL, or you can grab the delayed feed off of gotroot.com. I wouldn't recommend the core rules from Breach in a Plesk environment unless you're in a position to tune them for your environment.
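
Added example (not part of any post above, and not Plesk's or the rule set's own configuration): a scoped exception that leaves rule 970002 in modsecurity_crs_50_outbound.conf and active for the rest of the site, and switches it off only for the statistics pages. It assumes ModSecurity 2.x and that this snippet sits in Apache configuration that is loaded after the rule file; the /plesk-stat/ prefix is taken from the uri field of the logged error.

```apache
# Added example. Assumption: this file is included AFTER
# /etc/httpd/modsecurity/modsecurity_crs_50_outbound.conf, so the rule
# already exists when the exception is parsed.
<IfModule mod_security2.c>

    # Rule 970002 ("Statistics Information Leakage") inspects RESPONSE_BODY
    # in phase 4 and matches the "generated by ..." footer that the
    # statistics report prints. Everywhere else on the server it keeps
    # working as shipped.

    # Exception limited to the statistics URLs seen in the error_log entry
    # (uri "/plesk-stat/webstat/index.html").
    <LocationMatch "^/plesk-stat/">
        # Remove only this one rule for this path; all other inbound and
        # outbound rules still apply to requests under /plesk-stat/.
        SecRuleRemoveById 970002
    </LocationMatch>

</IfModule>
```

After reloading Apache, requesting /plesk-stat/webstat/index.html should no longer add an id "970002" entry to the domain's error_log, while the same rule still fires for matching responses on other paths.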
     