Applicable to:
- Plesk for Linux
Symptoms
- All websites on the Plesk server are periodically unavailable after accessing WordPress comments or working in the WordPress dashboard.
- The Comodo or OWASP ruleset is enabled in Plesk > Tools & Settings > Web Application Firewall (ModSecurity).
- The plesk-modsecurity jail is enabled in Tools & Settings > IP Address Banning (Fail2Ban) > Jails.
- The following error message can be found in Tools & Settings > Web Application Firewall (ModSecurity) > ModSecurity Log File:
  Message: Warning. String match "get" at REQUEST_METHOD. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/27_Apps_WPPlugin.conf"] [line "4595"] [id "222212"] [rev "2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"]
Cause
A very restrictive ModSecurity ruleset is configured. It produces false-positive rule matches while editing or creating posts in WordPress; as a result, the IP address gets banned.
Resolution
- Go to Plesk > Tools & Settings > Web Application Firewall (ModSecurity) > ModSecurity Log File.
- Find the ModSecurity rule ID mentioned in the error message.
- Disable the rule that was found by using the steps from this article: How to disable specific ModSecurity rules in Plesk
Note: for example, the ModSecurity rule ID for the error message presented in this article is 222212.
- Log into Plesk.
- Go to Tools & Settings > Web Application Firewall (ModSecurity) > Settings.
- Switch the ModSecurity ruleset to Atomic Standard.
- Scroll down and press the OK button to apply the changes.
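Added example (not part of the original article and not Plesk tooling): a small Python parser that tallies rule IDs from ModSecurity "Message:" lines, so the rule behind repeated false positives stands out before it is disabled. The function names are assumptions, and the sample log is constructed: it reuses the message quoted in this article plus one made-up rule entry.

```python
import re
from collections import Counter

# Bracketed metadata in a ModSecurity "Message:" line, e.g. [id "222212"].
FIELD_RE = re.compile(r'\[(\w+) "([^"]*)"\]')


def parse_message(line):
    """Return the bracketed fields of a Message line as a dict, or None."""
    if "Message:" not in line:
        return None
    fields = {"tags": []}
    for key, value in FIELD_RE.findall(line):
        if key == "tag":
            fields["tags"].append(value)  # a rule can carry several tags
        else:
            fields.setdefault(key, value)
    return fields if "id" in fields else None


def tally_rule_ids(lines):
    """Return (rule_id, hits, severity, rule_file) tuples, most hits first."""
    counts, first_seen = Counter(), {}
    for line in lines:
        rec = parse_message(line)
        if rec is None:
            continue
        counts[rec["id"]] += 1
        first_seen.setdefault(rec["id"], rec)
    return [(rid, hits, first_seen[rid].get("severity"), first_seen[rid].get("file"))
            for rid, hits in counts.most_common()]


# The message quoted in this article.
ARTICLE_LINE = ('Message: Warning. String match "get" at REQUEST_METHOD. '
                '[file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/27_Apps_WPPlugin.conf"] '
                '[line "4595"] [id "222212"] [rev "2"] [severity "CRITICAL"] '
                '[tag "CWAF"] [tag "WPPlugin"]')
# Constructed sample log: the article's line twice, one made-up rule, one non-match.
SAMPLE_LOG = [
    ARTICLE_LINE,
    'Message: Warning. Pattern match "x" at ARGS. [file "/constructed/example.conf"] '
    '[line "1"] [id "999001"] [severity "NOTICE"] [tag "constructed"]',
    "Apache-Handler: proxy:unix (constructed non-Message line, skipped)",
    ARTICLE_LINE,
]

if __name__ == "__main__":
    for rid, hits, severity, rule_file in tally_rule_ids(SAMPLE_LOG):
        print(f"{rid}\t{hits}\t{severity}\t{rule_file}")
```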