Skip to content
  • Solutions
    By Role
    • For Developers
    • For Content Managers
    • For Agencies
    • For IT Admins
    • For Web Hosters
    • For Developers
    • For Content Managers
    • For Agencies
    • For IT Admins
    • For Web Hosters
    By Infrastructure
    • Overview
    • AWS
    • Microsoft Azure
    • Alibaba Cloud
    • Google Cloud Platform
    • Vultr
    • Overview
    • AWS
    • Microsoft Azure
    • Alibaba Cloud
    • Google Cloud Platform
    • Vultr
    • Digital Ocean
    • Linode
    • Upcloud
    • Oracle
    • OVH
    • Digital Ocean
    • Linode
    • Upcloud
    • Oracle
    • OVH
  • Product
    • Plesk Features
    • Plesk Editions
    • What’s new
    • Pricing
    • Roadmap
    • Lifecycle Policy
    • Extensions Catalogue
  • Pricing
  • Extensions
    Featured Extensions
    • SocialBee
    • WP Toolkit
    • Sitejet Builder for Plesk
    • SEO Toolkit
    • Joomla! Toolkit
    • Premium Email
    • Email Security
    • SocialBee
    • WP Toolkit
    • Sitejet Builder for Plesk
    • SEO Toolkit
    • Joomla! Toolkit
    • Premium Email
    • Email Security
    Bundles and packs:
    • Business and Collaboration Edition
    • WP pack
    • Hosting pack
    • Power pack
    • Language pack
    • Business and Collaboration Edition
    • WP pack
    • Hosting pack
    • Power pack
    • Language pack

    See all Extensions

  • For Partners
    • Plesk Contributor Program
    • Plesk Partner Program
    • Affiliate program
    • Plesk University
  • Help Center
    • Documentation
    • Professional Services
    • Support
    • Contact Us
    • Wiki
    • Forum
  • Plesk 360 login
  • Free Trial
  • Pricing
  • Solutions
    • By Role
      • For Developers
      • For Content Managers
      • For Agencies
      • For IT Admins
      • For Web Hosters
    • By Infrastructure
      • Overview
      • Plesk on Amazon Web Services (AWS & Lightsail)
      • Microsoft Azure
      • Alibaba Cloud
      • Google Cloud Platform
      • Vultr
      • DigitalOcean
      • Linode
      • UpCloud
      • Oracle
      • OVH
  • Products
  • Pricing
  • Extensions
    • Featured Extensions
      • SocialBee
      • WP Toolkit
      • Sitejet Builder for Plesk
      • SEO Toolkit
      • Joomla! Toolkit
      • Premium Email
      • Email Security
    • Bundles and packs:
      • Business and Collaboration Edition
      • WP pack
      • Hosting pack
      • Power pack
      • Language pack
      • See all Extensions
  • For Partners
    • Plesk Contributor Program
    • Plesk Partner Program
    • Affiliate Program
    • Plesk University
  • Help Center
    • Documentation
    • Professional Services
    • Support
    • Contact Us
    • Wiki
    • Forum
  • Plesk 360 login
  • Free Trial
  • Pricing
  • Solutions
    • By Role
      • For Developers
      • For Content Managers
      • For Agencies
      • For IT Admins
      • For Web Hosters
    • By Infrastructure
      • Overview
      • Plesk on Amazon Web Services (AWS & Lightsail)
      • Microsoft Azure
      • Alibaba Cloud
      • Google Cloud Platform
      • Vultr
      • DigitalOcean
      • Linode
      • UpCloud
      • Oracle
      • OVH
  • Products
  • Pricing
  • Extensions
    • Featured Extensions
      • SocialBee
      • WP Toolkit
      • Sitejet Builder for Plesk
      • SEO Toolkit
      • Joomla! Toolkit
      • Premium Email
      • Email Security
    • Bundles and packs:
      • Business and Collaboration Edition
      • WP pack
      • Hosting pack
      • Power pack
      • Language pack
      • See all Extensions
  • For Partners
    • Plesk Contributor Program
    • Plesk Partner Program
    • Affiliate Program
    • Plesk University
  • Help Center
    • Documentation
    • Professional Services
    • Support
    • Contact Us
    • Wiki
    • Forum
  • Plesk 360 login
  • Free Trial
Plesk 360 login
Free Trial

Knowledge Base

How to disable specific Web Application Firewall ModSecurity rules in Plesk

 
domainsfirewallgoplesk for linuxplesk for windows

Question

How to disable specific ModSecurity rules for a domain or server-wide?

Answer

Note: Not all rules can be disabled due to the MODSEC-274 bug in ModSecurity.

 

Disabling rules for a domain
Disabling rules server-wide

 

  1. Log in to Plesk.

  2. Go to Domains > example.com > Web Application Firewall (ModSecurity).

    Note: The Switch off security rules section is visible only when the Web Application Firewall (ModSecurity) mode is set to On or Detection only.

    • By rule IDs


      Web Application Firewall Settings

    • By rule tags


      Web Application Firewall Settings

      In the Switch off security rules section of the page, specify rule IDs (for example, 340003), tags (for example, CVE-2011-4898), or a regular expression (for example, XSS) used in the rules that need to be switched off, and click OK.

 

 

  1. Log in to Plesk.

  2. Go to Tools & Settings > Web Application Firewall (ModSecurity).

    Note: The Switch off security rules section is visible only when the Web Application Firewall (ModSecurity) mode is set to On or Detection only.

  3. In the Switch off security rules section of the page, you may switch off rules as follows:

    • By rule IDs. Add IDs from the error message to the Security rule IDs field as shown on the following picture (Click to enlarge) and apply the changes.

      Note: If there are several rule IDs, put each on a new line.


      Web Application Firewall Settings

    • By rule tags. Add rule tags from the error message from Active to Deactivated as shown on the following picture (Click to enlarge) and apply the changes.


      Web Application Firewall Settings

Note: the Rule ID is written in body message of the error. For example in the error below:

ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "57"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "example.com"] [uri "/robots.txt"] [unique_id "XPsROH8AAQEAABEiZFcAAABC"]

the Rule ID is 949110

Tweet
Share
Share
Email
0 Shares
Read the full article
Related Posts

How to Host a Go App on Plesk

Read More »

Exploring Plesk’s Added Value Solutions So Far in 2023

Read More »

Unveiling Sitejet Builder: The Perfect Match for Your Effortless Website Creation Needs

Read More »
Knowledge Base

How to disable ModSecurity in Plesk?

Read More »

How to enable the use GET, HEAD, POST, PUT, DELETE, PATCH requests on a Plesk for Windows Server

Read More »

ModSecurity rule-set activation/update fails in Plesk: Unable to find row with id X in domains table

Read More »

A website is inaccessible when ModSecurity is enabled: Failed deleting collection (name “ip”, key “xxxxx”): Internal error

Read More »

Hosting Wiki

  • Django
  • Content Security Policy ( CSP )
  • Server Redundancy
  • Google Cloud CDN
  • Bare Metal Server
  • Oracle VM Server
  • Server Virtualization Software
  • Windows Server
  • Linux
  • MongoDB
  • Domain
  • Plesk
  • Web Server
  • DNS Server
  • Firewall
X-twitter Linkedin Youtube Reddit Github
  • Product
  • Login
  • Pricing
  • Editions
  • For Partners
  • Partner Program
  • Contributor Program
  • Affiliate Program
  • Plesk University
  • Company
  • Blog
  • Careers
  • Events
  • About Plesk
  • Our Brand
  • Resources
  • User and Admin guides
  • Help Center
  • Migrate to Plesk
  • Contact Us
  • Hosting Wiki
  • Forum
  • Legal
  • Legal
  • Privacy Policy
  • Imprint

© 2025 WebPros International GmbH

Part of the WebPros®  Family