Applicable to:
- Plesk for Windows
Symptoms
-
The following ModSecurity error message appears in the Application log of the Event Viewer:
PLESK_INFO: The description for Event ID 1 from source ModSecurity cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
SecReadStateLimit is depricated, use SecConnReadStateLimit instead. -
OWASP (free) is being used under Tools & Settings > Web Application Firewall (ModSecurity)
-
Experimental rule-set (
owasp_crs\experimental_rules) is enabled in the ModSecurity configuration fileC:\Program Files\ModSecurity IIS\modsecurity_iis.conf.
Cause
Going to Tools & Settings > Web Application Firewall (ModSecurity), shows that ModSecurity 2.8 or higher is installed.
The directive SecReadStateLimit has been deprecated starting with ModSecurity version 2.8.0.
The deprecated directive SecReadStateLimit is located in the file modsecurity_crs_11_slow_dos_protection.conf at C:\Program Files\ModSecurity IIS\owasp_crs\experimental_rules.
Resolution
This error message can be safely ignored as there is no impact on the ModSecurity operability.
-
Connect to the server via RDP.
-
Remove the following line in
C:\Program Files\ModSecurity IIS\modsecurity_iis.conf:CONFIG_TEXT: Include owasp_crs\experimental_rules
-
Go to Tools & Settings > Web Application Firewall (Mod Security)
-
At Web application firewall mode select the checkbox Off and click Apply.
-
Select again On at Web application firewall mode and click OK to apply the changes.
Comments
Tried this and doesnt seem to work. We even tried atomic basic free rules and still get the same issue.
Please sign in to leave a comment.