Applicable to:
- Plesk for Linux
- Plesk for Windows
Symptoms
-
The Log In button for WordPress, Typo3 or other CMS in Plesk is not working: it redirects to application login page with empty credentials fields.
-
Login to PHP application using POST request fails without any error messages.
-
ModSecurity is enabled and its configuration set to Tradeoff or Thorough mode in Plesk > Tools & Settings > Web Application Firewall > Settings.
Cause
ModSecurity Tradeoff and Thorough modes include analysis of POST data, which breaks a login mechanism.
Resolution
Log into Plesk and apply one of the following solutions:
-
Switch ModSecurity mode to Fast on Plesk > Tools & Settings > Web Application Firewall (ModSecurity) > Settings: this mode does not include analysis of POST data.
-
Disable ModSecurity for a domain via Plesk > Domains > example.com > Web Application Firewall.
-
Forbid ModSecurity to access request bodies (Windows Server only):
-
Connect to the server via RDP.
-
Open the file
C:\Program Files\ModSecurity IIS\modsecurity.confin a text editor and set the SecRequestBodyAccess setting to the Off value:CONFIG_TEXT: SecRequestBodyAccess Off
-
Restart IIS webserver via a command prompt:
C:\> iisreset
-
Comments
0 comments
Please sign in to leave a comment.