- Plesk Onyx for Linux
ModSecurity Atomic Basic rule set wqas installed. How to test if works correctly?
1. Go to Plesk > Tools & Settings > Web Application Firewall and set "Web application firewall mode = On"
2. Go to Plesk > Tools & Settings > Web Application Firewall > Settings and switch rules to "Atomic Basic ModSecurity" rule set and "Predefined set of values = Fast"
3. Login to Plesk via SSH
4. Choose a domain hosted on the server. The domain names list can be obtained by the command below:
# ll /var/www/vhosts
5. Perform the testing (replace example.com with actual domain name):
# curl -Ik http://example.com/test/php/test.php?foo=http://www.example.com
HTTP/1.1 403 Forbidden
Date: Mon, 26 Mar 2018 04:56:28 GMT
Content-Type: text/html; charset=iso-8859-1
The 403 Forbidden error means Modsecurity is working correctly.