ModSecurity is installed and enabled in Tools & Settings > Web Application Firewall (ModSecurity) > Web application firewall mode > On.
A website hosted in Plesk fails to load or site is slow. It is not possible to perform operations on the website such as manage WordPress, access webmail, access
robots.txtfile and the following error might be displayed in the browser:
500 external Server Error
Service Unavailable. The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
HTTP Error 403.0 - ModSecurity Action
Site Preview may not work with one of the errors above.
A ModSecurity error message like below appears on the Logs page in Plesk at Domains > example.com > Logs or in Event Viewer > Application log:
ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "57"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "example.com"] [uri "/robots.txt"] [unique_id "XPsROH8AAQEAABEiZFcAAABC"]
ModSecurity: Warning. Match of "eq 0" against "&TX:PY_SCAN_FINISH" required. [file "/etc/apache2/modsecurity.d/rules/custom/000_i360_0.conf"] [line "182"] [id "77350128"] [msg "IM360 WAF: Scan time results||Py start:3542||Py finish:3555||Py time:13||Py duration:||Lua start:||Lua finish:||Lua time:||Lua duration:||T:APACHE||"] [severity "NOTICE"] [tag "service_i360"] [tag "noshow"] [hostname "example.com"] [uri "/"] [unique_id "Yz0dUZoB5aMQj0uRrk52CQAAAA0"]
ModSecurity Web Application Firewall is enabled with a very restrictive (strict) ruleset such as OWASP, Comodo, or a custom ruleset like Imunify360. Hence, some operations on the websites are blocked.
If you are sure that it is false-positive detection, contact ruleset developers:
Alternatively, consider one of the following options:
Switch to the Atomic ModSecurity ruleset: Log in to Plesk GUI > Tools & Settings > Web Application Firewall (ModSecurity) > Settings > Atomic Standard > Click OK to apply the changes.