Applicable to:
- Plesk for Linux
- Plesk for Windows
Symptoms
-
Site preview or website in Plesk does not work:
CONFIG_TEXT: HTTP Error 403.0 - ModSecurity Action
-
There is the following error in the Event Viewer > Application log or under Plesk > Domains > example.com > Logs (for Linux):
CONFIG_TEXT: ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\d.:]+$" at REQUEST_HEADERS:Host. [file "E:\/Plesk Data/Plesk Install Dir/Plesk/ModSecurity/rules/modsecurity_crs-plesk/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "810"] [id "920350"] [rev "2"] [msg "Host header is a numeric IP address"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "SERVERNAME"] [uri "/plesk-site-preview/example.com"] [unique_id "17149707387469299914"]
-
Some elements (e.g. images) are missing or displayed as broken in Site preview in Plesk.
Cause
ModSecurity blocks access to Plesk Site Preview.
Resolution
Disable the rule mentioned in the error message. In this example, with ID "920350".
Comments
0 comments
Please sign in to leave a comment.