• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

WAF Update Notifications

R

rammstein

New Pleskian
Username: rammstein

TITLE

WAF Update Notifications

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

Plesk Obsidian
Version 18.0.32 Update Nr. 2
Atomic Advanced (purchased through Plesk)
Ubuntu 16.04.7

PROBLEM DESCRIPTION

Notifications are no longer displayed every day.
Like: "Web application firewall: new rule or new rule set was installed"

The "advanced rule set" apparently receives daily updates, the rules in /etc/apache2/modsecurity.d/rules/tortix/modsec/ have a new time stamp every day.

STEPS TO REPRODUCE

  • Install Plesk
  • Install Advanced ModSecurity Rules by Atomicorp

ACTUAL RESULT

WAF works, but Notifications are not working as expected

EXPECTED RESULT

Receive Notification on every update

ANY ADDITIONAL INFORMATION

Is this a bug or did I only notice it now?
Not sure, but I think it wasn't like that a while ago.

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug
 
The notifications can be set in the upper right corner of the notifications pop-up screen. Click on the gear icon, then select which notifications shall be displayed.

plesk01.jpg

Also, the rules are not updated daily. It is very well possible that there are no notifications for a few days.
 
The rules are not updated daily?

docs.plesk.com

Atomic ModSecurity Rule Sets

The Atomic Basic ModSecurity rule set includes the following: SQL injection protection. Cross-site scripting protect...
docs.plesk.com docs.plesk.com

The last paragraph says: "Updates multiple times daily."

I see notifications about the "rule updates", but not every day.
 
If you have the paid "complete Advanced ModSecurity Rules by Atomicorp rule set", the it is updated multiple times daily. But if you are using the free version, this is not the case. Sorry, I assumed that you are using the free ruleset, because most users do.
 
No problem, I have the paid version :) (Atomic Advanced (purchased through Plesk))

With the update notifications it looks like this:
Jan. 9
Jan. 12
Jan. 13
Jan. 18
Jan. 19
Jan. 21

Don't know if that should be the case ..?

On the other hand, "multiple times daily", it would probably also not make sense to create a notification about every update.
 
Atomic are advertising "daily" updates instead of "multiple times daily", but frankly honest, can we be sure that rules need to be updated daily? The advanced rule set includes 4,500 rules. Do we really see so many new ways to attack a website that these need to be updated daily? Maybe it means "we're looking into it daily, and if something needs to be changed, we'll update it, else things will stay as they are". It would be interesting to know what others are seeing who are using the advanced rule set and what these daily updates are.
 
You must log in or register to reply here.

Similar threads

T
Apache2 ModSec Error - Apache2 fails to start and AH00111 error
Replies
1
Views
1K
Peter Debik
P
T
Resolved Spamassassin issue - not compiled or not compiled properly
Replies
18
Views
2K
Hangover2
Hangover2
T
ISSUE - Nginx config generation failure and http2 directive implementation failure
Replies
14
Views
2K
Bitpalast
Bitpalast
PeopleInside
Issue with Google Drive Backup
Replies
7
Views
2K
PeopleInside
PeopleInside
PeopleInside
Forwarded to devs Backup Manager email notification issue: wrong from address
Replies
7
Views
2K
Oskar3210
O
Back
Top