Applicable to:
- Plesk 12.5 for Linux
- Plesk Onyx for Linux
- Plesk 12.5 for Windows
- Plesk Onyx for Windows
Symptoms
-
The Log In button for WordPress instance in Plesk is not working: It redirects to WordPress login page with empty credentials fields.
-
Login to PHP application using POST request fails without any error messages.
-
ModSecurity is enabled and its configuration set to Tradeoff or Thorough mode at Tools & Settings > Web Application Firewall > Settings tab.
Causes
ModSecurity Tradeoff and Thorough modes include analysis of POST data, which breaks login mechanism.
Resolution
Apply one of the following solutions:
-
Switch ModSecurity mode to Fast at Tools & Settings > Web Application Firewall > Settings.
-
Switch ModSecurity off for a domain at Domains > example.com > Web Application Firewall.
-
Forbid ModSecurity to access request bodies (Windows Server):
-
Connect to a Plesk server via RDP.
-
Open the file C:\Program Files\ModSecurity IIS\modsecurity.conf in a text editor and set the "SecRequestBodyAccess" setting to "Off":
CONFIG_TEXT: SecRequestBodyAccess Off
-
Restart IIS web-server via a command prompt:
C:\> iisreset
-
Comments
0 comments
Please sign in to leave a comment.