mod_security

[jayncali61]

i'm getting this error when making update while in admin of a php web site. i'm told its mod security and i should change it for the domain only
SecFilterEngine Off
SecFilterScanPOST Off

i have look for step by step instruction and can't find anything clear

cent 5.2 plesk 8.6 ASL


> Forbidden
>
> You don't have permission to access /adm-misc.php on this server

[mikeshinn]

Or if you are running ASL, what do you see in the alert GUI?

Its most likely a false positive, if you post the false positive here we can put out an update today for the rules.

[jayncali61]

i'm very new to this so if you could tell where to get this info or run the report


thank you

[mikeshinn]

If your are running ASL, just go into the ASL GUI and click on the event that is blocking access to your application. Then you can press the "Report False Positive" button and it will be sent directly to support for resolution. We generally have these issues resolved the same day and during normal business hours we try to get them done within a few hours.

If you are not running ASL you need to find your audit_log file, which is normally in /var/log/httpd.

Then simply paste the modsecurity event here for us to look at.

[hostingguy]

I dont think you are able to turn it off on a domain, and if you can then IMO you shouldnt be able to.

I know that I dont want a single one of my customers turning it off, and then finding out later that we got hacked cause they did so.

[mikeshinn]

In plesk a customer should not be able to turn it off for a domain as the vhost.conf file should still be owned by root, but yes that would be BAD BAD BAD if a user could do that. If anyone is running a version of Plesk that does allow that let us know. :-)

[hostingguy]

There are some tools out there (for a fee) that offer the ability to customers to edit the vhost.conf file directly in plesk. Outside of third party tools like that I cant imagine any plesk install instances where it would be able to be modified by the customer - at least anything after 7.5

Ive also seen lots of people try to put those directives in an htaccess file to turn it off and thankfully that doesnt work either

[mikeshinn]

Yeah I wouldnt install any tool that lets a user do that. Youre basically giving them free reign for all your domains if you do that, because a customer could basically make themselves authoritative for all the domains.