- Plesk for Linux
- Plesk for Windows
How to turn on or turn off ModSecurity or deactivate individual ModSecurity rules for a single domain?
ModSecurity rules can be managed at the domain level.
Switch off security rules that are too restrictive, or adjust the website.
To find out why an HTTP request cannot be completed for a website, view the audit log file for the website. In Plesk for Linux, you can use the Plesk UI to view the log:
Go to Tools & Settings > Web Application Firewall (ModSecurity) and click the ModSecurity Log File link to download the audit log and open it in a new browser window.
Use Search (Ctrl+F in most web browsers) to find events for the website that has caused problems by its domain name, for example, example.com.
The browser will highlight entries like HOST: example.com.
In the three lines above the highlighted entry, find a string like --eece5138-B--. The eight symbols between the hyphens (in our example, eece5138) are the ID of the event triggered by the HTTP request.
Search further for other entries with the same event ID. Look for an entry with the letter H after the event ID (in our example, eece5138-H--). This entry contains the ID and description of the security rule triggered while checking the HTTP request.
The security rule ID is an integer in quotation marks that starts with 3 and appears in square brackets after the prefix id, for example, [id "340003"]. To find a security rule ID in the event, search for the substring [id "3.
This ID can be used when you switch off rules.
To switch off a rule:
- Go to Tools & Settings > Web Application Firewall (ModSecurity).
- In the Switch off security rules section, select the security rule by its ID (for example, 340003), by a tag (for example, CVE-2011-4898), or by a regular expression (for example, XSS) and click OK.
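The log search described above can also be scripted. The following is an added example, not part of the original article or Plesk's own tooling: it assumes the downloaded audit log uses the sectioned layout described above, and the function name rules_for_host and the sample log (including rule ID 330001) are constructed for illustration. It goes slightly beyond the text by accepting any numeric rule ID, not only those starting with 3.

```python
import re
from collections import defaultdict

# Section boundary in the audit log, e.g. "--eece5138-B--"
BOUNDARY = re.compile(r"^--([0-9A-Za-z]{8})-([A-Z])--$")
# Rule ID as written in the H section, e.g. [id "340003"]
RULE_ID = re.compile(r'\[id "(\d+)"\]')

def rules_for_host(log_text, host):
    """Return {event ID: [rule IDs]} for events whose Host header is `host`."""
    sections = defaultdict(dict)  # event ID -> {section letter: section text}
    event = letter = None
    for line in log_text.splitlines():
        m = BOUNDARY.match(line.strip())
        if m:
            event, letter = m.groups()
            sections[event].setdefault(letter, "")
        elif event is not None:
            sections[event][letter] += line + "\n"
    host_re = re.compile(r"^host:[ \t]*" + re.escape(host) + r"(:\d+)?[ \t]*$",
                         re.I | re.M)
    found = {}
    for event, parts in sections.items():
        if host_re.search(parts.get("B", "")):  # B = request headers
            # H = entry listing the rules triggered by this request
            found[event] = sorted(set(RULE_ID.findall(parts.get("H", ""))))
    return found

# Constructed sample (not a real log): two events for two different domains.
SAMPLE_LOG = """\
--eece5138-A--
[01/Jan/2024:10:00:00 +0000] AAAAAAAAAAAAAAAAAAAAAAAA 203.0.113.5 50000 192.0.2.10 80
--eece5138-B--
GET /index.php?q=test HTTP/1.1
Host: example.com

--eece5138-H--
Message: Access denied with code 403 (phase 2). [id "340003"] [msg "constructed"]
--eece5138-Z--
--a1b2c3d4-A--
[01/Jan/2024:10:00:05 +0000] BBBBBBBBBBBBBBBBBBBBBBBB 203.0.113.6 50001 192.0.2.10 80
--a1b2c3d4-B--
GET / HTTP/1.1
Host: other.test

--a1b2c3d4-H--
Message: Warning. [id "330001"] [msg "constructed"]
--a1b2c3d4-Z--
"""

if __name__ == "__main__":
    for event, rules in rules_for_host(SAMPLE_LOG, "example.com").items():
        print(event, rules)
```

Listing the rule IDs per event before switching anything off makes it easier to disable only the rule that blocked the request rather than a whole tag or pattern.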
More information about ModSecurity is available in the Plesk Administrator's Guide.