Skip to content
  • Solutions
    By Role
    • For Developers
    • For Content Managers
    • For Agencies
    • For IT Admins
    • For Web Hosters
    • For Developers
    • For Content Managers
    • For Agencies
    • For IT Admins
    • For Web Hosters
    By Infrastructure
    • Overview
    • AWS
    • Microsoft Azure
    • Alibaba Cloud
    • Google Cloud Platform
    • Vultr
    • Overview
    • AWS
    • Microsoft Azure
    • Alibaba Cloud
    • Google Cloud Platform
    • Vultr
    • Digital Ocean
    • Linode
    • Upcloud
    • Oracle
    • OVH
    • Digital Ocean
    • Linode
    • Upcloud
    • Oracle
    • OVH
  • Product
    • Plesk Features
    • Plesk Editions
    • What’s new
    • Pricing
    • Roadmap
    • Lifecycle Policy
    • Extensions Catalogue
  • Pricing
  • Extensions
    Featured Extensions
    • SocialBee
    • WP Toolkit
    • Sitejet Builder for Plesk
    • SEO Toolkit
    • Joomla! Toolkit
    • Premium Email
    • Email Security
    • SocialBee
    • WP Toolkit
    • Sitejet Builder for Plesk
    • SEO Toolkit
    • Joomla! Toolkit
    • Premium Email
    • Email Security
    Bundles and packs:
    • Business and Collaboration Edition
    • WP pack
    • Hosting pack
    • Power pack
    • Language pack
    • Business and Collaboration Edition
    • WP pack
    • Hosting pack
    • Power pack
    • Language pack

    See all Extensions

  • For Partners
    • Plesk Contributor Program
    • Plesk Partner Program
    • Affiliate program
    • Plesk University
  • Help Center
    • Documentation
    • Professional Services
    • Support
    • Contact Us
    • Wiki
    • Forum
  • Plesk 360 login
  • Free Trial
  • Pricing
  • Solutions
    • By Role
      • For Developers
      • For Content Managers
      • For Agencies
      • For IT Admins
      • For Web Hosters
    • By Infrastructure
      • Overview
      • Plesk on Amazon Web Services (AWS & Lightsail)
      • Microsoft Azure
      • Alibaba Cloud
      • Google Cloud Platform
      • Vultr
      • DigitalOcean
      • Linode
      • UpCloud
      • Oracle
      • OVH
  • Products
  • Pricing
  • Extensions
    • Featured Extensions
      • SocialBee
      • WP Toolkit
      • Sitejet Builder for Plesk
      • SEO Toolkit
      • Joomla! Toolkit
      • Premium Email
      • Email Security
    • Bundles and packs:
      • Business and Collaboration Edition
      • WP pack
      • Hosting pack
      • Power pack
      • Language pack
      • See all Extensions
  • For Partners
    • Plesk Contributor Program
    • Plesk Partner Program
    • Affiliate Program
    • Plesk University
  • Help Center
    • Documentation
    • Professional Services
    • Support
    • Contact Us
    • Wiki
    • Forum
  • Plesk 360 login
  • Free Trial
  • Pricing
  • Solutions
    • By Role
      • For Developers
      • For Content Managers
      • For Agencies
      • For IT Admins
      • For Web Hosters
    • By Infrastructure
      • Overview
      • Plesk on Amazon Web Services (AWS & Lightsail)
      • Microsoft Azure
      • Alibaba Cloud
      • Google Cloud Platform
      • Vultr
      • DigitalOcean
      • Linode
      • UpCloud
      • Oracle
      • OVH
  • Products
  • Pricing
  • Extensions
    • Featured Extensions
      • SocialBee
      • WP Toolkit
      • Sitejet Builder for Plesk
      • SEO Toolkit
      • Joomla! Toolkit
      • Premium Email
      • Email Security
    • Bundles and packs:
      • Business and Collaboration Edition
      • WP pack
      • Hosting pack
      • Power pack
      • Language pack
      • See all Extensions
  • For Partners
    • Plesk Contributor Program
    • Plesk Partner Program
    • Affiliate Program
    • Plesk University
  • Help Center
    • Documentation
    • Professional Services
    • Support
    • Contact Us
    • Wiki
    • Forum
  • Plesk 360 login
  • Free Trial
Plesk 360 login
Free Trial

Knowledge Base

Cannot disable ModSecurity rules via Switch off security rules in Plesk

 
apachedomainsfirewallgohttp

Symptoms

  • Unable to disable ModSecurity rules by SecRuleRemoveById: How to disable a single ModSecurity rule for a website?

  • The configuration files are containing SecRuleRemoveById settings, but the list of settings is being ignored:

    <IfModule mod_security2.c>
    SecRuleRemoveById 340476
    </IfModule>

    • If the ModSecurity rules were switched off at Plesk server level, check the following configuration file: /etc/httpd/conf/plesk.conf.d/server.conf

    • If the ModSecurity rules were switched off at domain level, check the following configuration file: /var/www/vhosts/system/example.com/conf/httpd.conf

  • Access to a website page keeps being blocked with the following error:

    HTTP 403 Forbidden

  • Going to Domains > example.com > Web Application Firewall > Logs, the ModSecurity log file contains the following error message:

    ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/10_asl_rules.conf"] [line "1437"] [id "340476"] [rev "32"] [msg "Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/index.php exclude)"] [severity "CRITICAL"] Access denied with code 403 (phase 2). Match of "beginsWith http://%{SERVER_NAME}/" against "MATCHED_VAR" required. [hostname "example.com"] [uri "/admin/index.php"] [unique_id "XOVxgU2H3CY34MT-xdWHsgAAAG8"], referer: https://example.com/admin/index.php

  • Analyzing the error message, the ModSecurity configuration file /etc/httpd/conf/modsecurity.d/rules/tortix/modsec/10_asl_rules.conf, the rule ID 340476 is defined in a LocationMatch statement:

    # less /etc/httpd/conf/modsecurity.d/rules/tortix/modsec/10_asl_rules.conf
    ...
    <LocationMatch>
    SecRule REQUEST_URI "!(pagemode=link_index|^/admin/index.php?fuse=admin)"
    "phase:2,chain,t:none,t:urlDecodeUni,t:lowercase,id:340476,rev:32,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/index.php exclude)',deny,log,auditlog,status:403"
    SecRule
    ...
    </LocationMatch>

Cause

Modsecurity issue MODSEC-274: rules defined within
LocationMatch
cannot be excluded by
SecRuleRemoveById
 directive.

Resolution

Note: This issue affects only the rules defined using
LocationMatch
directive. To disable other rules, the following instructions should work: How to disable a single ModSecurity rule for a website?

In order to disable such rules, it is required to use SecRule option in the configuration files of Apache:

  1. Log in to Plesk GUI

  2. Go to Domains > example.com > Web Application Firewall > Logs and retrieve the URI location and the matched rule ID. For example:

    ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/10_asl_rules.conf"] [line "1437"] [id "340476"] [rev "32"] [msg "Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/index.php exclude)"] [severity "CRITICAL"] Access denied with code 403 (phase 2). Match of "beginsWith http://%{SERVER_NAME}/" against "MATCHED_VAR" required. [hostname "example.com"] [uri "/admin/index.php"] [unique_id "XOVxgU2H3CY34MT-xdWHsgAAAG8"], referer: https://example.com/admin/index.php

  3. Go to Domains > example.com > Apache and nginx Settings > Additional Apache directives and add the following lines to both HTTP and HTTPS directives > Apply changes:

    <IfModule mod_security2.c>
    SecRule REQUEST_FILENAME "@beginswith /admin/index.php" "id:1000001,phase:1,t:none,nolog…

Tweet
Share
Share
Email
0 Shares
Read the full article
Related Posts

How to Host a Go App on Plesk

Read More »

Your Complete .htaccess Guide: Including .htaccess Basics and More

Read More »

NGINX vs Apache – Which Is the Best Web Server in 2024?

Read More »
Knowledge Base

How to configure Apache to process PHP code inside an .html file on a Plesk server

Read More »

Websites on Plesk server are slow or show error 500 or PHP mail cannot be sent: ap_pass_brigade failed

Read More »

Website on Plesk server is not accessible: 504 Gateway Time-out: The timeout specified has expired: [client 203.0.113.2:54693] AH01075: Error dispatching request to

Read More »

Websites hosted on Plesk server are unavailable with 502 Bad Gateway: upstream sent too big header while reading response header

Read More »

Hosting Wiki

  • Django
  • Content Security Policy ( CSP )
  • Server Redundancy
  • Google Cloud CDN
  • Bare Metal Server
  • PhpMyAdmin
  • phpPgAdmin
  • Oracle VM Server
  • Server Virtualization Software
  • Windows Server
  • Linux
  • PHP
  • MongoDB
  • HTTP/3
  • HTTP/2
  • Domain
  • Plesk
  • Lighttpd
  • Apache Tomcat
  • NGINX
  • Apache
  • Web Server
  • DNS Server
  • Firewall
  • HTTP
X-twitter Linkedin Youtube Reddit Github
  • Product
  • Login
  • Pricing
  • Editions
  • For Partners
  • Partner Program
  • Contributor Program
  • Affiliate Program
  • Plesk University
  • Company
  • Blog
  • Careers
  • Events
  • About Plesk
  • Our Brand
  • Resources
  • User and Admin guides
  • Help Center
  • Migrate to Plesk
  • Contact Us
  • Hosting Wiki
  • Forum
  • Legal
  • Legal
  • Privacy Policy
  • Imprint

© 2025 WebPros International GmbH

Part of the WebPros®  Family