Question WAF ModSecurity Upgrade ChangeLog

[klodoma]

Server operating system version

CentOS Linux 7.9.2009 (Core)

Plesk version and microupdate number

18.0.61 Update #5

Hi Forum

I would like to ask if there is a upgrade/log/plan for ModSecurity for Plesk?

On 20.06 we received a Plesk update which upgraded ModSecurity from 3.6.* to 4.2.0 and this caused major issues in our setup. We have several custom rules and nothing worked properly anymore.

My Questions:

• Is there a way to know when such updates are coming for modSecurity?
• is it possible to disable auto updates for mod security only and update it manually?

Thank you in advance!

 

[Kaspar@Plesk]

The ModSecurity rulesets get updated regularly. These updates are published on the Plesk change log page.

There is no specific option to disable ModSecurity rulesets updates. Only to disabled all third-party components shipped by Plesk. Which is not recommended as these can includes security fixes for third-party components too.

If you like to use older rulesets you can manually upload and install those.