Applicable to:
- Plesk for Linux
- Plesk for Windows
Question
How to disable specific ModSecurity rules for a domain or server-wide?
Answer
Note: Not all rules can be disabled due to the MODSEC-274 bug in ModSecurity.
-
Go to Domains > example.com > Web Application Firewall (ModSecurity).
Note: The Switch off security rules section is visible only when the Web Application Firewall (ModSecurity) mode is set to On or Detection only.
-
Go to Tools & Settings > Web Application Firewall (ModSecurity).
Note: The Switch off security rules section is visible only when the Web Application Firewall (ModSecurity) mode is set to On or Detection only.
-
In the Switch off security rules section of the page, you may switch off rules as follows:
-
By rule IDs. Add IDs from the error message to the Security rule IDs field as shown on the following picture (Click to enlarge) and apply the changes.
Note: If there are several rule IDs, put each on a new line.
-
By rule tags. Add rule tags from the error message from Active to Deactivated as shown on the following picture (Click to enlarge) and apply the changes.
-
Comments
2 comments
Hi,
Ok thx.
If you want to disable a rule for a specific folder use this :
<IfModule mod_security2.c>
# General rules
SecResponseBodyLimit 536870912
SecRuleRemoveById 999777
# A comment
<Directory /var/www/vhosts/domain.tld/httpdocs/yourfolder>
SecRuleRemoveById 999888
</Directory>
</IfModule>
Replace domain.tld and yourfolder with correct informations for you ...
This post was very insightful. Keep up the great content! URL
Please sign in to leave a comment.