Articles in this section

See more

Plesk Daily Maintenance Task deletes disabled ModSecurity rules

Avatar
Leonid Gukhman
Updated
Follow
kb: bug Plesk Obsidian for Linux

Applicable to:

  • Plesk Obsidian for Linux

Symptoms

  • All disabled ModSecurity rules except 210710 and 222212 are removed every day.

  • Comodo ruleset is selected for ModSecurity (Tools & Settings > Web Application Firewall (ModSecurity) > Settings).

  • Ubuntu 18.04 is used on the server.

Cause

Bug with ID PPPM-12290 that will be fixed in one of the future Plesk updates.

Resolution

As a workaround, create a Scheduled task that will automatically add the missing rule to be switched off (for example, 214540) after the 50plesk-daily script is executed:

  1. Connect to the server via SSH.

  2. Find out when /etc/cron.daily/50plesk-daily script is executed on the server by running the following command:

    # cat /etc/crontab

    In the output, the following line will be shown:

    CONFIG_TEXT: 11 0 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )

    In this example, script 50plesk-daily is executed at 0:11 daily.

    Note: Crontab format can be checked here.

  3. Log in to Plesk.

  4. Go to Tools & Settings > Scheduled Tasks (Cron jobs) and click Add task.

  5. Set the following parameters:

    Warning: Change the 214540 in the command to the rule ID that should be switched off

    • Task type: run a command

    • Command:

      CONFIG_TEXT: echo "UPDATE WebServerSettingsParameters SET value=\"210710\\n222212\\n214540\" where name=\"filterById\";" | MYSQL_PWD=`cat /etc/psa/.psa.shadow` mysql -uadmin psa; /usr/sbin/plesk bin server_pref --update-web-app-firewall

    • Run: Daily, and enter the time when /etc/cron.daily/50plesk-daily is executed (see step 2) +20 minutes

    • System user: root

    • Notify: Do not notify.

  6. Click OK to save the task.

  7. Verify that the task appeared under Tools & Settings > Scheduled Task.

Comments

4 comments

Sort by Date Votes
  • Avatar
    Tobias Hendel

    I have never set the exceptions 210710 and 222212 myself. Are those required exceptions with Comodo, that Plesk is pushing automatically to ensure proper functionality or is the presence of those exceptions part of the bug?

    If it is part of the bug, what would be a good workaround to remove(!) those exceptions until a patch has been published?

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello Tobias Hendel

    These 2 rules were added to exceptions as a fix to another bug PPPM-11961. Without this fix the default comodo free ruleset blocks user's WordPress activity.

    As for the issue from this article, the fix will be included in 18.0.30, which is expected in September.

    0
    Comment actions Permalink
  • Avatar
    Adrian Chan

    Hi Ivan,

    I've updated to Plesk 18.0.30, can I remove exceptions 210710 and 222212 manually as it stills remains?

    Thanks!

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello Adrian Chan

    Exceptions 210710 and 222212 are to fix different issue PPPM-11961. When these rules are active, WordPress users may be blocked by Fail2Ban.

    It's not connected with this article and it's recommended to read these rules as too strict in exceptions.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles