• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

plesk-stat and mod_security????

A

ACID25

Guest
Hi

i installed mod_security on some of or servers and i know the plesk statistics are not more available. I found that in the domains error_log file


[Tue Jun 24 14:53:49 2008] [error] [client 217.XXX.XXX.XXX] ModSecurity: Access denied with code 404 (phase 4). Pattern match "\\b(?:Th(?:is (?:summary was generated by.{0,100}?(?:w(?:ebcruncher|wwstat)|analog|Jware)|analysis was produced by.{0,100}?(?:calamaris|EasyStat|analog)|report was generated by WebLog)|ese statistics were produced by (?:getstats|PeLAB))|[gG]enerated by. ..." at RESPONSE_BODY. [file "/etc/httpd/modsecurity/modsecurity_crs_50_outbound.conf"] [line "19"] [id "970002"] [msg "Statistics Information Leakage"] [severity "WARNING"] [hostname "domain.tld"] [uri "/plesk-stat/webstat/index.html"] [unique_id "DSc91H8AAAEAADyBNgkAAAAN"]

so what can i do the make the statistics available again. But i don´t want to delete the rule that prevent the access to the index.html file. Access should be possible without password access.

So what can i do????

THX for help in advance and kind regards
ACID25
 
ACID25, just edit the rules for mod_security in /etc/httpd/modsecurity/modsecurity_crs_50_outbound.conf and remove certain rule which blocks statistics pages (id of rule is '970002' it's on line 19 judging by error message) and restart apache. This should help.

Some sets of rules for mod_security are insanely inadequate ;)
 
We maintain plesk rules in ASL, or you can grab the delayed feed off of gotroot.com. I wouldn't recommend the core rules from breach in a plesk environment unless you're in a position to tune them for your environment.
 
You must log in or register to reply here.
Back
Top