Resolved problem after upgrading plesk onyx - mod security

[mehdi sellami]

Hello guys I have a problem after upgrading plesk onyx Last night when I post in my forum
, this message appears to me:

The ip is my own, preventing me from posting
We disabled the mod security
I can publish
What is the solution
System Centos 7 - php 5.4

 

[trialotto]

@mehdi sellami

The solution is quite simple: just create a custom ModSec rule to allow your own IP.

I will give a quick example, but it is up to you to define the ModSec rule that works for you.

First of all, go to "Tools & Settings > Web Application Firewall (ModSecurity) > Tab: Settings > Configuration : Custom directives".

Second, enter something like

SecRule REMOTE_ADDR "@ipMatch [your IP]" id:101,phase:1,t:none,log,allow

and replace [your IP] with the proper IP!

Just press "OK" afterwards.

Third, have a look at the logs, including modsec_audit.log to identify whether the SecRule works as intended (and adjust if needed, just follow steps 1 and 2 again).

Finally, change the

t:none,log,allow

to

t:none,nolog,allow

in the custom SecRule, to prevent that ModSecurity keeps filling modsec_audit.log with log entries concerning your (allowed) IP.

That is all.........hope the above helps a bit.

Regards..........

PS I just noticed that you use OWASP ruleset, which is rather restrictive. Please use the Atomic ruleset, if any issue with ModSecurity still exists and/or for testing purposes.

 

[mehdi sellami]

thank you