- Plesk for Linux
- Plesk for Windows
ModSecurity is installed and enabled at Tools & Settings > Web Application Firewall (ModSecurity) > On.
A website is unavailable or it is not possible to perform operations on this website, for example, edit posts in WordPress, add products to shopping cart, etc:
PLESK_INFO: 403 Forbidden
PLESK_INFO: 500 Internal Server Error
If the website is using Cloudflare, the following error might be shown:
PLESK_INFO: Error 521
Web server is down
WordPress Customization page is not displayed properly at WordPress Admin Dashboard > Customize.
A ModSecurity error message like below appears on the Logs page in Plesk at Domains > example.com > Logs:
CONFIG_TEXT: ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "57"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "example.com"] [uri "/robots.txt"] [unique_id "XPsROH8AAQEAABEiZFcAAABC"]
Strict ModSecurity rule-sets (for example, OWASP or Comodo) may block some operations on the website (such as file sharing, webmail, and some web applications, including WordPress and its plugins).
Disable the ModSecurity rule using its ID from the error message:
Go to Domains > example.com > Web Application Firewall
Specify the rule IDs from the error message on the Logs page and click OK: