Webmail is not working on a Plesk server when ModSecurity with OWASP or Comodo rule set is enabled: Error when communicating with the server



1 comment

  • Avatar
    acos_atom (Edited )

    Just to provide some more information.

    In PleskObsidian 18.0.52 with the default COMODO (Free) rules, Roundcube gives this error but the affected rule is [id "212340"], that is triggered by sending a simple html email.

    Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client xx.xx.xx.xx] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "<!--" at ARGS:_message. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/07_XSS_XSS.conf"] [line "56"] [id "212340"] [rev "5"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||webmail.example.com|F|2"] [data "Matched Data: <!-- found within ARGS:_message: <div id=\\\\x22wrapper\\\\x22 dir=\\\\x22ltr\\\\x22 style=\\\\x22background-color: #f7f7f7; margin: 0; padding: 70px 0; width: 100%; -webkit-text-size-adjust: none;\\\\x22> <table border=\\\\x220\\\\x22 width=\\\\x22100%\\\\x22 cellspacing=\\\\x220\\\\x22 cellpadding=\\\\x220\\\\x22> <tbody> <tr> <td align=\\\\x22center\\\\x22 valign=\\\\x22top\\\\x22> <div id=\\\\x22template_header_image\\\\x22></div> <table id=\\\\x22template_container\\\\x22 style=\\\\x22background-color: #ffffff; border: 1px solid #dedede; box-shadow: 0 1..."] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "webmail.example.com"] [uri "/roundcube/index.php"] [unique_id "ZFOCe-UVZmIZ45HYQutUFAAAAMo"]
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request