Question
ModSecurity Atomic Basic ruleset was installed.
How to test if it works correctly?
Answer
-
Go to Tools & Settings > Web Application Firewall and set the Web application firewall mode directive to the On value.
-
Navigate to Tools & Settings > Web Application Firewall > Settings, switch rules to the Atomic Basic ModSecurity rule set and set the Predefined set of values directive to the Fast value.
-
Connect to the server using SSH.
-
Get the list of domains by using the command below and choose one of them for further step:
# plesk bin domain --list
example.com
-
Perform the testing (replace
example.comwith the actual domain name):Note: due to the fact that redirects to HTTPS or/and to WWW can be configured for the domain, it is required to check all commands below. Some of them can return the 301 Moved Permanently which just tells that redirect for some separate website page is configured.
# curl -IkL http://example.com/?abc=../../
HTTP/1.1 200 OK# curl -IkL http://www.example.com/?abc=../../
HTTP/1.1 200 OK# curl -IkL https://example.com/?abc=../../
HTTP/1.1 200 OK# curl -IkL https://www.example.com/?abc=../../
HTTP/1.1 403 Forbidden
Server: nginx
...
# curl -IkL https://example.com/?q='1%20OR%201=1
HTTP/1.1 403 Forbidden
Server: nginx
...
If after execution of all commands above the 403 Forbidden error was got then ModSecurity is working correctly.