Bobcares

For every $500 you spend, we will provide you with a $500 credit on your account*

BLACK FRIDAY SPECIAL EXTENSION

*The maximum is $4000 in credits, Offer valid till December 6th, 2024, New Customers Only, Credit will be applied after purchase and expires after six (6) months

For every $500 you spend, we will provide you with a $500 credit on your account*

BLACK FRIDAY SPECIAL EXTENSION

*The maximum is $4000 in credits, Offer valid till December 6th, 2024, New Customers Only, Credit will be applied after purchase and expires after six (6) months

How to disable specific ModSecurity rules in Plesk

by | Dec 23, 2021

How to disable specific ModSecurity rules in Plesk like a pro?

At Bobcares, we offer solutions for every query, big and small, as a part of our Server Management Service.

Let’s take a look at how our Support Team recently helped a customer  how to disable specific ModSecurity rules in Plesk.

How to disable specific ModSecurity rules in Plesk

Before we disable certain ModSecurity rules in Plesk, our Support Techs would like to remind you that we cannot all rules due to the  MODSEC-274 bug in ModSecurity.

According to our exceptional Support Team, we can disable rules for a domain via

  • ModSecurity settings
  • Additional Apache directive

If you prefer to disable the rules server-wide, we can do it either via rule IDs or rule tags. Let’s take a look at how to get this done in the next section.

How to disable specific ModSecurity rules in Plesk for a domain

We can do this via ModSecurity settings as seen below:

  1. First, log in to Plesk.
  2. Then, we will head to Web Application Firewall (ModSecurity) under example.com in the Domains section.
  3. Next, we have to specify the tags, rule IDs, or a regular expression in the Switch off security rules section that we want to switch off.

    Our Support Techs would like to point out that the Switch off security rules is accessible only when the web application firewall mode is set to Detection only orOn.

    • By rule tags

      How to disable specific ModSecurity rules in Plesk : by rule tags

    • By rule IDs

      How to disable specific ModSecurity rules in Plesk: by rule IDs

We can do this via additional ModSecurity Apache directives as seen below:

  1. First, we have to log in to Plesk.
  2. Then, we head to Apache & Nginx Settings under example.com in the Domains section.
  3. Next, we have to create a custom Apache directive and then place it in the Additional directives for HTTP/HTTPS fields.

    For instance, we can disable rules IDs 340163 and 340162 as seen below:

    <IfModule mod_security2.c>
    SecRuleRemoveById 340163
    SecRuleRemoveById 340162
    </IfModule>

    OR

    <IfModule mod_security2.c>
    SecRuleRemoveById 340163 340162
    </IfModule>

How to disable specific ModSecurity rules in Plesk server-wide

  1. First, we have to log in to Plesk.
  2. Then, we head to Switch off security rules under Web Application Firewall (ModSecurity) in the Tools & Settings section.
  3. Next, we have to switch off the rules via either of the following options:
    • By rule IDs:
      Here, we will add IDs from the error message to the Security rule Ids as seen below:

      How to disable specific ModSecurity rules in Plesk : by rule IDs

      If we want to disable more than one rule, we can add the different rule IDs on separate lines.

    • By rule tags:

      How to disable specific ModSecurity rules in Plesk: by rule tags

      Here, we have to add the rule tags from the error message from the Active box to Deactivated box and then apply the changes.

[Need a solution to another query? We are just a click away.]

Conclusion

To sum up, the skilled Support Engineers at Bobcares demonstrated how to disable specific ModSecurity rules in Plesk.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.