Applicable to:
- Plesk for Linux
Symptoms
-
All websites on Plesk server periodically unavailable after accessing WordPress comments or working in WordPress dashboard
-
Comodo ruleset is enabled in ModSecurity at Tools & Settings > Web Application Firewall (Modsecurity):
-
'plesk-modsecurity' jail is enabled at **Tools & Settings > IP Address Banning (Fail2Ban) > Jails:
-
At Tools & Settings > Web Application Firewall (Modsecurity) > ModSecurity Log File the following message appeared:
Message: Warning. String match "get" at REQUEST_METHOD. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/27_Apps_WPPlugin.conf"] [line "4595"] [id "222212"] [rev "2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"]
Cause
IP address banned by fail2ban triggered by ModSecurity rule match alert.
Resolution
- Log into Plesk and,
- Switch ModSecurity ruleset to Atomic Standard in Tools & Settings > Web Application Firewall (ModSecurity) > Settings:
Disable the ModSecurity rule with id 222212 (4th symptom) using instruction from: How to disable specific ModSecurity rules in Plesk
Comments
0 comments
Please sign in to leave a comment.