Facebook
Twitter-
Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products ! WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
Join the pilot program today! -
The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.
-
The BIND DNS server has already been deprecated and removed from Plesk for Windows.
If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
Resolved What is the best way to configure NGINX ModSecurity?
- Thread starter othmaqsa
- Start date
Please check the documentation here:
docs.plesk.com
Web Application Firewall (ModSecurity)
In this topic, you will learn how to protect your web applications (such as WordPress, Joomla!, or Drupal) from attacks using ModSecurity, an Open Source web application firewall.
docs.plesk.com
Hello,Please check the documentation here:
Web Application Firewall (ModSecurity)
In this topic, you will learn how to protect your web applications (such as WordPress, Joomla!, or Drupal) from attacks using ModSecurity, an Open Source web application firewall.
Thank you for your message.
I've read this before, but the confusion is that in the documentation:
Apache (ModSecurity 2.9) (recommended).
Nginx (ModSecurity 3.0).
Note: Switching to Nginx (ModSecurity 3.0) may affect your existing applications. We recommend trying ModSecurity 3.0 out on a test server before switching your production environment to that version.
In my case, I use only NGINX only (proxy mode disabled), I need to choose the recommended setting or go Nginx (ModSecurity 3.0) ?
If you haven't used ModSecurity before then you should go for ModSecurity 3.0 with nginx and run it in "Detection Mode" only for a while and analyse the logs it produces.
Once you're sure that no legitimate requests would be blocked then you can switch to "On" (blocking mode).
Once you're sure that no legitimate requests would be blocked then you can switch to "On" (blocking mode).
Got it, since it's the first time I use ModSecurity, I'll enable ModSecurity 3.0 with nginx.
Another question: Can I see the Logs with the option Detection Mode ? If yes, where can I see it ?
Web Application Firewall (ModSecurity)
In this topic, you will learn how to protect your web applications (such as WordPress, Joomla!, or Drupal) from attacks using ModSecurity, an Open Source web application firewall.
docs.plesk.com
Have a look at the log files section here
@Monty Last questions please: I would like to know, please, the average consumption (CPU/RAM) ? In general, can ModSecurity cause cpu/ram spikes during use?Web Application Firewall (ModSecurity)
In this topic, you will learn how to protect your web applications (such as WordPress, Joomla!, or Drupal) from attacks using ModSecurity, an Open Source web application firewall.
Have a look at the log files section here
ModSecurity will have a CPU impact, yes. But with a "normal" amount of rules this impact should be very small, close to negligible. To see the impact, record your CPU/RAM usage before activating ModSecurity and then compare it with ModSecurity enabled.
For further tuning and optimization of ModSecurity: ModSecurity Performance Recommendations
For further tuning and optimization of ModSecurity: ModSecurity Performance Recommendations
Similar threads
