Knowledge Base

Cannot access website hosted in Plesk: the server responded with a status of 403 (ModSecurity Action)

 
firewallserverwebsiteswebserverweb application firewall

Symptoms

  1. After activation of Atomic Professional ModSecurity at Tools & Settings > Web Application Firewall (ModSecurity), some clients cannot access websites: 
    Forbidden
     You don't have permission to access /roundcube/index.php on this server.
    Failed to load resource: the server responded with a status of 403 (ModSecurity Action)
  2. Error in Chrome or Internet Explorer DeveloperTools:

    PLESK_INFO: HTTP Error 403.0 – ModSecurity Action You do not have permission to view this directory or page

    Failed to load resource: the server responded with a status of 403 (ModSecurity Action)
  3. Error in Event Viewer > Windows Logs > Application:

    CONFIG_TEXT: Message: Access denied with code 403 (phase 1).
    RBL lookup of 2.113.0.203.xbl.spamhaus.org succeeded at REMOTE_ADDR (Illegal 3rd party exploits). [line “51”] [id “350000”] [rev “2”] [severity “ERROR”] Action: Intercepted (phase 1)

  4. Unable to issue SSL certificate with the following error in Plesk GUI:

    PLESK_ERROR: Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/12345. Details: Type: urn:ietf:params:acme:error:unauthorized Status: 403 Detail: During secondary validation: Invalid response from http://example.com/.well-known/acme-challenge/h9lLrpvgL9gsfgutUgerraF2aOas [203.0.113.2]: “[!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Strict//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd”]rn[html xmlns=“http”

    And the following entry in %plesk_dir%adminlogsphp_error.log:

    Access denied with code 403 (phase 1). RBL lookup of 130.229.222.34.xbl.spamhaus.org succeeded at REMOTE_ADDR (Illegal 3rd party exploits). [file "C:/Program Files (x86)/Plesk/ModSecurity/rules/tortix/modsec/00_asl_rbl.conf"] [line "51"] [id "350000"] [rev "2"] [msg "Global RBL Match: IP is on the xbl.spamhaus.org Blacklist (Report False Positives to www.spamhaus.org)"] [severity "ERROR"]

Cause

ModSecurity blocks access to the website from blacklisted IP address.

Resolution

In case this behavior is unwanted, disable the rule:

  1. Log in to Plesk server via RDP
  2. Find ID of the rule that blocks the website in Event Viewer > Windows Logs > Application ().
  3. Login to Plesk as admin user
  4. Navigate to the tab  Tools & Settings > Web Application Firewall (ModSecurity) > General. 
  5. Add the rule ID mentioned in the error message to Security rule IDs field and press OK:
    rule.png
Read the full article
Related Posts
Knowledge Base

Industry
Partners

industry-partner_ALIBABA
industry-partner_GOOGLEPARTNER
industry-partner_MICROSOFT
industry-partner_REDHAT-r2
industry-partner_ALIBABA
industry-partner_AUTOMATTIC
industry-partner_AWS
industry-partner_DIGITALOCEAN
industry-partner_SCALEWAY

Follow us:

Facebook Twitter Linkedin Youtube Github

© 2021 Plesk International GmbH. All rights reserved. Plesk and the Plesk logo are trademarks of Plesk International GmbH.

Managed with 💙  with Plesk WordPress Toolkit

Search
Generic filters
Exact matches only
Search in title
Search in content
Search in excerpt