Applicable to:
- Plesk Obsidian for Linux
Symptoms
-
All disabled ModSecurity rules except
210710
and222212
are removed every day. -
Comodo ruleset is selected for ModSecurity (Tools & Settings > Web Application Firewall (ModSecurity) > Settings).
- Ubuntu 18.04 is used on the server.
Cause
Bug with ID PPPM-12290. The issue has been fixed in Plesk 18.0.30. Please consider updating your server.
Resolution
If update is not possible for some reason you may try the following
As a workaround, create a Scheduled task that will automatically add the missing rule to be switched off (for example, 214540
) after the 50plesk-daily
script is executed:
-
Connect to the server via SSH.
-
Find out when
/etc/cron.daily/50plesk-daily
script is executed on the server by running the following command:# cat /etc/crontab
In the output, the following line will be shown:
CONFIG_TEXT: 11 0 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
In this example, script
50plesk-daily
is executed at 0:11 daily.Note: Crontab format can be checked here.
-
Go to Tools & Settings > Scheduled Tasks (Cron jobs) and click Add task.
-
Set the following parameters:
Warning: Change the 214540 in the command to the rule ID that should be switched off
-
Task type: run a command
-
Command:
CONFIG_TEXT: echo "UPDATE WebServerSettingsParameters SET value=\"210710\\n222212\\n214540\" where name=\"filterById\";" | MYSQL_PWD=`cat /etc/psa/.psa.shadow` mysql -uadmin psa; /usr/sbin/plesk bin server_pref --update-web-app-firewall
-
Run: Daily, and enter the time when
/etc/cron.daily/50plesk-daily
is executed (see step 2) +20 minutes -
System user: root
-
Notify: Do not notify.
-
-
Click OK to save the task.
-
Verify that the task appeared under Tools & Settings > Scheduled Task.
Comments
6 comments
I have never set the exceptions
210710
and222212 myself. Are those required exceptions with Comodo, that Plesk is pushing automatically to ensure proper functionality or is the presence of those exceptions part of the bug?
If it is part of the bug, what would be a good workaround to remove(!) those exceptions until a patch has been published?
Hello Tobias Hendel
These 2 rules were added to exceptions as a fix to another bug PPPM-11961. Without this fix the default comodo free ruleset blocks user's WordPress activity.
As for the issue from this article, the fix will be included in 18.0.30, which is expected in September.
Hi Ivan,
I've updated to Plesk 18.0.30, can I remove exceptions
210710
and222212 manually as it stills remains?
Thanks!
Hello Adrian Chan
Exceptions
210710
and222212
are to fix different issue PPPM-11961. When these rules are active, WordPress users may be blocked by Fail2Ban.It's not connected with this article and it's recommended to read these rules as too strict in exceptions.
Has this been fixed yet, I've looked though the release notes, and can't see PPPM-12290 mentioned anywhere?
john Yes, it has been fixed in version 18.0.30
Please sign in to leave a comment.