• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Inviting everyone to the UX test of a new security feature in the WP Toolkit
    For WordPress site owners, threats posed by hackers are ever-present. Because of this, we are developing a new security feature for the WP Toolkit. If the topic of WordPress website security is relevant to you, we would be grateful if you could share your experience and help us test the usability of this feature. We invite you to join us for a 1-hour online session via Google Meet. Select a convenient meeting time with our friendly UX staff here.

Resolved problem after upgrading plesk onyx - mod security

mehdi sellami

mehdi sellami

New Pleskian
Hello guys I have a problem after upgrading plesk onyx Last night when I post in my forum
, this message appears to me:
011.png

The ip is my own, preventing me from posting
We disabled the mod security
I can publish
What is the solution
System Centos 7 - php 5.4
 
Last edited:
@mehdi sellami

The solution is quite simple: just create a custom ModSec rule to allow your own IP.

I will give a quick example, but it is up to you to define the ModSec rule that works for you.

First of all, go to "Tools & Settings > Web Application Firewall (ModSecurity) > Tab: Settings > Configuration : Custom directives".

Second, enter something like

SecRule REMOTE_ADDR "@ipMatch [your IP]" id:101,phase:1,t:none,log,allow

and replace [your IP] with the proper IP!

Just press "OK" afterwards.

Third, have a look at the logs, including modsec_audit.log to identify whether the SecRule works as intended (and adjust if needed, just follow steps 1 and 2 again).

Finally, change the

t:none,log,allow

to

t:none,nolog,allow

in the custom SecRule, to prevent that ModSecurity keeps filling modsec_audit.log with log entries concerning your (allowed) IP.

That is all.........hope the above helps a bit.

Regards..........

PS I just noticed that you use OWASP ruleset, which is rather restrictive. Please use the Atomic ruleset, if any issue with ModSecurity still exists and/or for testing purposes.
 
You must log in or register to reply here.

Similar threads

bootted
Issue mariadb.service deactivates itself after Plesk update
Replies
5
Views
12K
Peter Debik
P
H
Issue Unable to Access WordPress Site After Recent Update
Replies
1
Views
745
Peter Debik
P
marvin
Question Peers Certificate has Expired ??
Replies
4
Views
2K
marvin
marvin
A
Resolved Unable to reinstall modsecurity after upgrade from Onyx to Obsidian
Replies
1
Views
316
Abernathy
A
X
Resolved Plesk Extension: Plesk Email Security (Very Slow Delivery)
Replies
8
Views
5K
Kaspar@Plesk
Kaspar@Plesk
Back
Top