• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Issue Using atomic corp rules for modsecurity but updating page via elementor doesn't work and gives internal server error.

H

hamza-24

Basic Pleskian
Server operating system version
centOS 7
Plesk version and microupdate number
18.0.56 #4
Hey everyone
i have enabled modesecurity for my website using atomic corp rules.
but when I update something on website using elementor keeping modsec on it gives me internal server error.
if I turn off modsec and update it works fine.
but I want to resolve this with modsec on.
your help will be highly regarded
 
When ModSecurity steps in, it logs a 403 error to the error_log of the domain. Such an entry looks similar to
Code: 
[client <IP Adresse>] ModSecurity: [file /etc/httpd/conf/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf"] [line "258"] [id "33350147"] [rev "143"] [msg "Protected by Atomicorp.com Basic Non-Realtime WAF Rules: Potentially Untrusted Web Content Detected"] [data ""] [severity "CRITICAL"] Access denied with code 403 (phase 2). Match of "rx ((?:submit(?:\\\\+| )?(request)?(?:\\\\+| )?>+|<<(?:\\\\+| )remove|(?:sign ?in|log ?(?:in|out)|next|modifier|envoyer|add|continue|weiter|account|results|select)?(?:\\\\+| )?>+)$|^< ?\\\\??(?: |\\\\+)?xml|^<samlp|^>> ?$)" against "ARGS:actions" required. [hostname "<Domain>"] [uri "/wp-admin/admin-ajax.php"] [unique_id "YGd3IS-RaDMGEBt0BJbDcABAAAn"], referer: https:// <Domain>/wp-admin/post.php?post=24&action=elementor
You can see the
Code: 
... ne "258"] [id "33350147"] [rev "1 ...
[id ...] section in that message. This is the id of a rule that is applied that leads to the 403 error. You can copy the rule id and add it as an exception to the "Web Application Firewall" exceptions. This way you can leave ModSecurity on while the rules that previously caused the permission ban error on your website won't apply any longer.
 
You must log in or register to reply here.

Similar threads

T
Issue ModSecurity and bad gateway 500 nginx
Replies
3
Views
920
tomaszt
T
WebHostingAce
Issue ModSecurity with Atomic Basic Rule Set appear be not working
Replies
10
Views
3K
jorge ceballos
J
O
Issue Mailman 2 web interface suddenly gives 500 Internal Server Error, while Mailman still working
Replies
9
Views
2K
Tibor Szentmarjay
T
finbarr69
Resolved /var/awp/etc/config: No such file or directory, Failed to update the ModSecurity rule set
Replies
5
Views
4K
8tango
8
K
Resolved Activating/updating Atomicorp ruleset (ModSecurity) results in "unmet dependencies" error
Replies
5
Views
1K
King555
K
Back
Top