Question
ModSecurity Atomic Basic rule set was installed.
How to test if it works correctly?
Answer
- Go to Tools & Settings > Web Application Firewall and set the Web application firewall mode directive to the On value.
- Navigate to Tools & Settings > Web Application Firewall > Settings, switch rules to the Atomic Basic ModSecurity rule set and set the Predefined set of values directive to the Fast value.
- Connect to the server using SSH.
- Get the list of domains by using the command below and choose one of them for the next step:
# plesk bin domain --list
example.com
- Perform the testing (replace example.com with the actual domain name):
Note: because redirects to HTTPS and/or to WWW can be configured for the domain, all of the commands below must be checked. Some of them can return 301 Moved Permanently, which only means that a redirect is configured for that page.
# curl -Ik "http://example.com/?abc=../../"
HTTP/1.1 301 Moved Permanently

# curl -Ik "http://www.example.com/?abc=../../"
HTTP/1.1 301 Moved Permanently

# curl -Ik "https://example.com/?abc=../../"
HTTP/1.1 301 Moved Permanently

# curl -Ik "https://www.example.com/?abc=../../"
HTTP/1.1 403 Forbidden
Date: Mon, 26 Mar 2018 04:56:28 GMT
Server: Apache
Content-Type: text/html; charset=iso-8859-1

# curl -Ik "https://example.com/?q='1%20OR%201=1"
HTTP/1.1 403 Forbidden
Date: Tue, 09 Apr 2019 14:14:20 GMT
Server: Apache
Content-Type: text/html
If the 403 Forbidden error is returned after running all of the commands above, ModSecurity is working correctly.
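The checks above can be scripted so that redirects are separated from real blocks. The following is an added example, not part of the original article or of Plesk tooling; the function names are hypothetical, and treating any non-redirect, non-403 response as a failure is an assumption of this sketch.

```shell
#!/bin/sh
# Added example, not Plesk tooling: automates the curl checks above.

# Map one HTTP status code to a verdict for a WAF test request.
classify_status() {
    case "$1" in
        403)             echo blocked ;;      # ModSecurity denied the request
        301|302|307|308) echo redirect ;;     # HTTPS/WWW redirect: inconclusive
        000)             echo unreachable ;;  # curl got no HTTP response
        *)               echo not-blocked ;;  # request reached the site
    esac
}

# Reduce the status codes collected for one payload across URL variants.
# Assumption: PASS needs at least one 403 and no variant serving the request.
payload_verdict() {
    seen_block=0
    for code in "$@"; do
        case "$(classify_status "$code")" in
            blocked)     seen_block=1 ;;
            not-blocked) echo FAIL; return 0 ;;
        esac
    done
    if [ "$seen_block" -eq 1 ]; then echo PASS; else echo INCONCLUSIVE; fi
}

# Send one query string to the four scheme/host variants of a domain.
probe_domain() {
    domain=$1 query=$2 codes=""
    for scheme in http https; do
        for host in "$domain" "www.$domain"; do
            code=$(curl -Iks -o /dev/null -w '%{http_code}' \
                "$scheme://$host/?$query")
            codes="$codes $code"
        done
    done
    # Intentional word splitting: codes is a space-separated list.
    echo "$query ->$codes -> $(payload_verdict $codes)"
}

# Run only when a domain is given, e.g.: sh waf-check.sh example.com
if [ -n "${1:-}" ]; then
    probe_domain "$1" "abc=../../"
    probe_domain "$1" "q='1%20OR%201=1"
fi
```

An INCONCLUSIVE result means every variant redirected or was unreachable, so the final redirect target still has to be tested directly.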