Articles in this section

See more

A website hosted in Plesk fails to load when ModSecurity is enabled: Access denied with code 403

Avatar
Marc Vidal
Updated
Follow
Plesk for Windows Plesk for Linux kb: technical ABT: Group A

Applicable to:

  • Plesk for Linux
  • Plesk for Windows

Symptoms

  • ModSecurity is installed and enabled at Tools & Settings > Web Application Firewall (ModSecurity) > On.

  • A website is unavailable or it is not possible to perform operations on this website, for example, edit posts in WordPress, add products to shopping cart, etc:

    PLESK_INFO: ERR_CONNECTION_REFUSED

    PLESK_INFO: 403 Forbidden

    PLESK_INFO: 500 Internal Server Error

    PLESK_INFO: ERR_CONNECTION_TIMED_OUT

  • If the website is using Cloudflare, the following error might be shown:

    PLESK_INFO: Error 521
    Web server is down

  • WordPress Customization page is not displayed properly at WordPress Admin Dashboard > Customize.

  • A ModSecurity error message like below appears on the Logs page in Plesk at Domains > example.com > Logs:

    CONFIG_TEXT: ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "57"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "example.com"] [uri "/robots.txt"] [unique_id "XPsROH8AAQEAABEiZFcAAABC"]

Cause

Strict ModSecurity rule-sets (for example, OWASP or Comodo) may block some operations on the website (such as file sharing, webmail, and some web applications, including WordPress and its plugins).

Resolution

Disable the ModSecurity rule using its ID from the error message:

  1. Log in to Plesk GUI

  2. Go to Domains > example.com > Web Application Firewall

  3. Specify the rule IDs from the error message on the Logs page and click OK:


    Screenshot_2018-12-14_Web_Application_Firewall_-_Plesk_Onyx_17_8_11__1_.png

Comments

4 comments

Sort by Date Votes
  • Avatar
    Tony

    It's worth noting the free Atomic list wont get this fix/update until next month, right?

    I'm having trouble using Plesk 12.5 UI to Switch off the Rule by ID.  Is the correct ID format  "[id "340465"]"?

    0
    Comment actions Permalink
  • Avatar
    Tony

    After updating to the $200/yr paid Atomic list this issue is resolved.  I think otherwise i would've had to wait 30 days for the free delayed updates to be deployed to me.

    0
    Comment actions Permalink
  • Avatar
    Lev Iurev

    @Tony issue should be fixed by running abovementioned command

    0
    Comment actions Permalink
  • Avatar
    Omkar More

    I am still getting the problem, it all started after i installed modsecurity in extensions, now my website resources are getting consumend and getting above error as well as xmlrpc thing. What would be appropriate solution for this as I am thinking would there be any conflict between wordpress security plugin and plesk modsecurity

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles