- Plesk for Linux
- Plesk for Windows
ModSecurity is installed and enabled in Tools & Settings > Web Application Firewall (ModSecurity) > Web application firewall mode > On
A website hosted in Plesk fails to load, it is not possible to perform operations on the website such as manage WordPress, access webmail, access
robots.txtfile and the following error might be displayed in the browser:
PLESK_INFO: 403 Forbidden
PLESK_INFO: 500 Internal Server Error
PLESK_INFO: Service Unavailable. The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
A ModSecurity error message like below appears on the Logs page in Plesk at Domains > example.com > Logs:
CONFIG_TEXT: ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "57"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "example.com"] [uri "/robots.txt"] [unique_id "XPsROH8AAQEAABEiZFcAAABC"]
- Some content may be missing (like images or some scripts not working properly) or domain's functionality may not work properly.
- Unable to delete plugin inside Wordpress dashboard:
CONFIG_TEXT: <!DOCTYPE html> 403 Forbidden html
Server Error 403 Forbidden You do not have permission to access this document
- If the website is using Cloudflare, the following error might be shown:
PLESK_INFO: Error 521
Web server is down
ModSecurity Web Application Firewall is enabled with a very restrictive (strict) ruleset such as OWASP, Comodo, or a custom ruleset like Imunify360. Hence, some operations on the websites are blocked.
Consider one of the following options: