Articles in this section

See more

A website hosted in Plesk fails to load when ModSecurity is enabled: Access denied with code 403

Avatar
Marc Vidal
Updated
Follow
Plesk for Windows Plesk for Linux kb: technical ABT: Group A

Applicable to:

  • Plesk for Linux
  • Plesk for Windows

Symptoms

  • ModSecurity is installed and enabled in Tools & Settings > Web Application Firewall (ModSecurity) > Web application firewall mode > On

  • A website hosted in Plesk fails to load, it is not possible to perform operations on the website such as manage WordPress, access webmail, access robots.txt file and the following error might be displayed in the browser:

    PLESK_INFO: ERR_CONNECTION_REFUSED

    PLESK_INFO: 403 Forbidden

    PLESK_INFO: 500 Internal Server Error

    PLESK_INFO: ERR_CONNECTION_TIMED_OUT

    PLESK_INFO: Service Unavailable. The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

  • A ModSecurity error message like below appears on the Logs page in Plesk at Domains > example.com > Logs:

    CONFIG_TEXT: ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "57"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "example.com"] [uri "/robots.txt"] [unique_id "XPsROH8AAQEAABEiZFcAAABC"]

- Some content may be missing (like images or some scripts not working properly) or domain's functionality may not work properly.

- Unable to delete plugin inside Wordpress dashboard:

CONFIG_TEXT: <!DOCTYPE html> 403 Forbidden html
{overflow...
Server Error 403 Forbidden You do not have permission to access this document

- If the website is using Cloudflare, the following error might be shown:

PLESK_INFO: Error 521
Web server is down

Cause

ModSecurity Web Application Firewall is enabled with a very restrictive (strict) ruleset such as OWASP, Comodo, or a custom ruleset like Imunify360. Hence, some operations on the websites are blocked.

Resolution

Consider one of the following options:

Comments

4 comments

Sort by Date Votes
  • Avatar
    Tony

    It's worth noting the free Atomic list wont get this fix/update until next month, right?

    I'm having trouble using Plesk 12.5 UI to Switch off the Rule by ID.  Is the correct ID format  "[id "340465"]"?

    0
    Comment actions Permalink
  • Avatar
    Tony

    After updating to the $200/yr paid Atomic list this issue is resolved.  I think otherwise i would've had to wait 30 days for the free delayed updates to be deployed to me.

    0
    Comment actions Permalink
  • Avatar
    Lev Iurev

    @Tony issue should be fixed by running abovementioned command

    0
    Comment actions Permalink
  • Avatar
    Omkar More

    I am still getting the problem, it all started after i installed modsecurity in extensions, now my website resources are getting consumend and getting above error as well as xmlrpc thing. What would be appropriate solution for this as I am thinking would there be any conflict between wordpress security plugin and plesk modsecurity

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles