Webmail is not working: ModSecurity: Access denied with code 403

Created:

2016-11-16 12:54:15 UTC

Modified:

2017-04-24 11:20:37 UTC

0

Was this article helpful?


Have more questions?

Submit a request

Webmail is not working: ModSecurity: Access denied with code 403

Applicable to:

  • Plesk 12.5 for Linux

Symptoms

Webmail not working with the following HTTP Error:

 Forbidden 403

Apache /var/log/httpd/error_log contains the following error:

Wed Aug 17 11:39:32.018964 2016] [:error] [pid 19639] [client 203.0.113.2] ModSecurity: Access denied with code 403 (phase 4). Pattern match "^5\\\\\\\\d{2}$" at RESPONSE_STATUS. [file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_50_outbound.conf"] [line "53"] [id "970901"] [rev "2"] [msg "The application is not available"] [data "Matched Data: 500 found within RESPONSE_STATUS: 500"] [severity "ERROR"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "9"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [hostname "webmail.example.com"] [uri "/index.php"] [unique_id "V7Qw02lTGtq0ZEcGgtyqxgAAAAM"]

Web Application Firewall component is not represented in Home > Tools&Settings .

ModSecurity package is released by OS vendor:

root@hosting5647 ~]# rpm -qi mod_security-2.7.3-5.el7.x86_64
Name : mod_security
Version : 2.7.3
Release : 5.el7
Architecture: x86_64
Install Date: Thu 05 May 2016 04:47:26 PM CEST
Group : System Environment/Daemons
Size : 460098
License : ASL 2.0
Signature : RSA/SHA256, Fri 04 Jul 2014 05:48:49 AM CEST, Key ID 24c6a8a7f4a80eb5
Source RPM : mod_security-2.7.3-5.el7.src.rpm
Build Date : Tue 10 Jun 2014 03:17:53 AM CEST
Build Host : worker1.bsys.centos.org
Relocations : (not relocatable)
Packager : CentOS BuildSystem <http://bugs.centos.org> <----------------

Cause

Third-party ModSecurity package is installed.

Resolution

Remove ModSecurity and install it back using Plesk installer

Have more questions? Submit a request
Please sign in to leave a comment.