Issue Roundcube connection error when sending or saving as draft

Visnet

Basic Pleskian
Server operating system version
AlmaLinux 9.6
Plesk version and microupdate number
18.0.70.2
When replying to HTML based e-mails, I found that 'Save as draft' and 'Send' both show an error in the Roundcube front-end, saying "Connection Error (Failed to reach the server)".

After checking the browser console, I noticed that the XHR request for saving as draft or sending returned a 403 Forbidden.

Assuming ModSecurity might be causing this issue, I tried viewing the HTML source in the Roundcube editor and removed any inline <style> elements from the code, for example:
Code:
<style type="text/css">#replybody1 table td { border-collapse: collapse; }
    #replybody1[dir=rtl] .v1directional_text_wrapper { direction: rtl; unicode-bidi: embed; }</style>
<style type="text/css">@media only screen and (max-width: 768px) {
              #replybody1 .v1simplified-email-footer .v1namecard { display: block; min-width: 100%; padding: 0 0 16px 0; }

              #replybody1 .v1simplified-email-footer .v1content { padding: 16px; }
            }</style>

Removing the <style> elements from the e-mail HTML (or switching the editor to plain text) fixed the issue, and both 'Save as draft' and 'Send' work.

I then checked the ModSecurity audit logs and found the following snippet:
Code:
Message: Access denied with code 403 (phase 2). Pattern match "(?i:<style.{0,399}?>.{0,399}?(?:@[i\\\\]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).{0,399}?(?:[(\\\\]|&#x?0*(?:40|28|92|5C);?)))" at MATCHED_VAR. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/07_XSS_XSS.conf"] [line "95"] [id "212880"] [rev "4"] [msg "COMODO WAF: IE XSS Filters - Attack Detected.

Understandably, disabling rule ID 212880 in the 'Web Application Firewall' > 'Switch off security rules' solved the issue as well, but might leave webmail open to actual XSS attacks.

Question:
I think inline CSS like the example above is harmless and shouldn't be blocked.
Where can I report this as a false positive to be added to the Comodo rule set?

Note: I found this topic related to my question, but no answer yet.

Software used:
Product version: Plesk Obsidian 18.0.70.2
OS version: AlmaLinux 9.6 x86_64
Build date: 2025/06/17 10:00
Revision: 0055029cfeb6ecdae4ec9f7e463abee525eb5cbc

With:
- plesk-roundcube-1.6.10-2.redhat.9+p18.0.70.2+t250617.1000.noarch
- Drop-in MariaDB-server-11.4.7-1.el9.x86_64
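
Added example, not part of the original post and not Comodo or Plesk code: a Python check that runs the pattern from the audit log above against the two quoted <style> elements and reports which branch of the rule fired, which is useful detail for a false-positive report. It assumes the engine lets "." match newlines (emulated with re.DOTALL) and ignores any transformations the rule applies; the named groups and function names are introduced here.

```python
import re

# Pattern of rule 212880, copied verbatim from the audit log line in the post.
LOGGED = (r'(?i:<style.{0,399}?>.{0,399}?(?:@[i\\\\]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?)'
          r'.{0,399}?(?:[(\\\\]|&#x?0*(?:40|28|92|5C);?)))')

# Same pattern with named groups added for this example, to report which branch fired.
NAMED = (r'(?i:<style.{0,399}?>.{0,399}?(?:(?P<at_rule>@[i\\\\])|'
         r'(?P<sep>[:=]|&#x?0*(?:58|3A|61|3D);?).{0,399}?'
         r'(?P<opener>[(\\\\]|&#x?0*(?:40|28|92|5C);?)))')

# Assumption: "." also matches newlines (PCRE_DOTALL), emulated here with re.DOTALL.
FLAGS = re.DOTALL

# The two <style> elements quoted in the post, reassembled as test input.
BLOCK_1 = ('<style type="text/css">#replybody1 table td { border-collapse: collapse; }\n'
           '    #replybody1[dir=rtl] .v1directional_text_wrapper '
           '{ direction: rtl; unicode-bidi: embed; }</style>\n')
BLOCK_2 = ('<style type="text/css">@media only screen and (max-width: 768px) {\n'
           '  #replybody1 .v1simplified-email-footer .v1namecard '
           '{ display: block; min-width: 100%; padding: 0 0 16px 0; }\n\n'
           '  #replybody1 .v1simplified-email-footer .v1content { padding: 16px; }\n'
           '}</style>')


def explain(html, flags=FLAGS):
    """Return None when the rule pattern does not match, else what triggered it."""
    m = re.search(NAMED, html, flags)
    if m is None:
        return None
    return {
        "at_rule": m.group("at_rule"),   # "@" followed by "i" or a backslash
        "sep": m.group("sep"),           # ":" or "=" (literal or entity-encoded)
        "opener": m.group("opener"),     # "(" or a backslash (literal or entity)
        "spans_two_elements": "</style>" in m.group(0).lower(),
        "matched_chars": len(m.group(0)),
    }


def logged_pattern_matches(html, flags=FLAGS):
    """Verdict of the unmodified logged pattern, to confirm NAMED is equivalent."""
    return re.search(LOGGED, html, flags) is not None


if __name__ == "__main__":
    for label, html in (("block 1", BLOCK_1), ("block 2", BLOCK_2),
                        ("both", BLOCK_1 + BLOCK_2)):
        print(label, logged_pattern_matches(html), explain(html))
```

On this input neither element matches alone; the hit comes from the `:` after `border-collapse` in the first element paired with the `(` of the media query in the second, because the `.{0,399}?` gap is allowed to run across the closing `</style>`.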