Knowledge Base

Cannot access website hosted in Plesk: the server responded with a status of 403 (ModSecurity Action)

 
firewallhostedhttphttpsip

Symptoms

  1. After activation of Atomic Professional ModSecurity at Tools & Settings > Web Application Firewall (ModSecurity), some clients cannot access websites: 
    Forbidden
     You don't have permission to access /roundcube/index.php on this server.
    Failed to load resource: the server responded with a status of 403 (ModSecurity Action)
  2. Error in Chrome or Internet Explorer DeveloperTools:

    PLESK_INFO: HTTP Error 403.0 – ModSecurity Action You do not have permission to view this directory or page

    Failed to load resource: the server responded with a status of 403 (ModSecurity Action)
  3. Error in Event Viewer > Windows Logs > Application:

    CONFIG_TEXT: Message: Access denied with code 403 (phase 1).
    RBL lookup of 2.113.0.203.xbl.spamhaus.org succeeded at REMOTE_ADDR (Illegal 3rd party exploits). [line “51”] [id “350000”] [rev “2”] [severity “ERROR”] Action: Intercepted (phase 1)

  4. Unable to issue SSL certificate with the following error in Plesk GUI:

    PLESK_ERROR: Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/12345. Details: Type: urn:ietf:params:acme:error:unauthorized Status: 403 Detail: During secondary validation: Invalid response from http://example.com/.well-known/acme-challenge/h9lLrpvgL9gsfgutUgerraF2aOas [203.0.113.2]: “[!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Strict//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd”]rn[html xmlns=“http”

    And the following entry in %plesk_dir%adminlogsphp_error.log:

    Access denied with code 403 (phase 1). RBL lookup of 130.229.222.34.xbl.spamhaus.org succeeded at REMOTE_ADDR (Illegal 3rd party exploits). [file "C:/Program Files (x86)/Plesk/ModSecurity/rules/tortix/modsec/00_asl_rbl.conf"] [line "51"] [id "350000"] [rev "2"] [msg "Global RBL Match: IP is on the xbl.spamhaus.org Blacklist (Report False Positives to www.spamhaus.org)"] [severity "ERROR"]

Cause

ModSecurity blocks access to the website from blacklisted IP address.

Resolution

In case this behavior is unwanted, disable the rule:

  1. Log in to Plesk server via RDP
  2. Find ID of the rule that blocks the website in Event Viewer > Windows Logs > Application ().
  3. Login to Plesk as admin user
  4. Navigate to the tab  Tools & Settings > Web Application Firewall (ModSecurity) > General. 
  5. Add the rule ID mentioned in the error message to Security rule IDs field and press OK:
    rule.png
Read the full article
Related Posts
Knowledge Base

Hosting Wiki

Industry
Partners

industry-partner_ALIBABA
industry-partner_GOOGLEPARTNER
industry-partner_MICROSOFT
industry-partner_REDHAT-r2
industry-partner_ALIBABA
industry-partner_AUTOMATTIC
industry-partner_AWS
industry-partner_DIGITALOCEAN
industry-partner_SCALEWAY

Follow us:

Facebook Twitter Linkedin Youtube Github

© 2023 Plesk International GmbH. All rights reserved. Plesk and the Plesk logo are trademarks of Plesk International GmbH.

Managed with love with Plesk WP Toolkit

Plesk uses LiveChat system (3rd party).

By proceeding below, I hereby agree to use LiveChat as an external third party technology. This may involve a transfer of my personal data (e.g. IP Address) to third parties in- or outside of Europe. For more information, please see our Privacy Policy.

Search
Generic filters
Exact matches only
Search in title
Search in content
Search in excerpt