Plesk 360 login
Free Trial

Knowledge Base

Login to PHP/ASP application fails with no error error when ModSecurity is enabled with “Tradeoff” or “Thorough” mode in Plesk for Windows

 
cmsfirewallgojoomlaphp

Symptoms

  • When logging in to PHP-based (WordPress, Joomla, Typo3 or any other CMS) or ASP-based application, the page refreshes without any changes.

  • "Tradeoff" or "Thorough" mode is enabled in Plesk at Tools & Settings > Web Application Firewall > Settings.

Cause

This is an issue in ModSecurity for IIS web server.

When changing the predefined set of values to "Tradeoff" or "Thorough" in ModSecurity settings (Tools & Settings > Web Application Firewall (ModSecurity)), the following warning message appears:

Selecting the "Tradeoff" or "Thorough" options may cause WordPress sites to malfunction, among other unwanted side effects, because of the following ModSecurity issue.

Resolution

  1. Log in to Plesk.

  2. Go to Tools & Settings > Web Application Firewall (ModSecurity) > Settings.

  3. Add the line below into the Custom directives field:

    SecStreamInBodyInspection on

  4. Apply the changes.

Read the full article
Related Posts
Knowledge Base

Hosting Wiki

X-twitter Linkedin Youtube Reddit Github

© 2025 WebPros International GmbH

Part of the WebPros®  Family