- Plesk for Linux
When attaching files or importing emails in Horde or uploading files to a website, the operation hangs. One of the following error message appears in
CONFIG_TEXT: ModSecurity: Access denied with code 44 (phase 2). Match of "eq 0" against "MULTIPART_UNMATCHED_BOUNDARY" required. [file "/etc/httpd/conf.d/mod_security.conf"] [line "97"] [id "200003"] [msg "Multipart parser detected a possible unmatched boundary"] [hostname "webmail.example.com"] [uri "/services/ajax.php/imp/addAttachment"] [unique_id "VqnL5FLCW54AAFFr8S8AAAAH"]
Invalid response status 44, referer: http://webmail.example.com
CONFIG_TEXT: ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "MULTIPART_UNMATCHED_BOUNDARY" required. [file "/etc/httpd/modsec/00_asl_zz_strict.conf"] [line "37"] [id "330792"] [msg "Multipart parser detected a possible unmatched boundary. This may be an impedence mismatch attack, a broken application or a broken connection. This is not a false positive. Check your application or client for errors."] [severity "CRITICAL"] [hostname "webmail.example.com"] [uri "/services/ajax.php/imp/importMailbox"] [unique_id "ZCAeR710EMlovesCaTAo5QABBBg"], referer: http://webmail.example.com/imp/dynamic.php?page=mailbox
ModSecurity package is installed from a 3rd-party vendor:
# rpm -qa | grep mod_security
# rpm -qi mod_security-2.7.4-1 | grep Vendor
Plesk Modsecurity packages are not installed:
# rpm -qa | grep plesk-modsecurity
ModSecurity package is installed from a 3rd-party repository.
Connect to a Plesk server via SSH
Comment the security rule that has been found in the Apache error log
2.1. Open the ModSecurity configuration file
/etc/httpd/conf.d/mod_security.confin any text editor. In this examle, we are using the "vi" editor:
# vi /etc/httpd/conf.d/mod_security.conf
2.2. Find the ModSecurity rule mentioned in the Apache error log and comment it with a hash symbol "#". In this example:
CONFIG_TEXT: #SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" "id:'200003', phase:2, t:none, log, deny, status:44, msg:'Multipart parser detected a possible unmatched boundary'"
2.3. Save the changes and close the file.
# service httpd restart
Note: It is recommended to use ModSecurity provided by Plesk to avoid any malfunctioning.