Page 1 of 1

PLESK 12.5

Posted: Sun Sep 06, 2015 3:54 pm
by kram
Hello All,

I recently upgraded to PLESK 12.5.
I am having a number of issues with ASL that I am not sure how to resolve.

Firstly I am unable to access to the ASL web interface.
I get the following error:

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely.
As a result, it is not possible to add an exception for this certificate.

i edited /var/asl/etc/httpd/conf.d/ssl.conf

and commented the following lines.

Code: Select all

#Header add Strict-Transport-Security "max-age=15768000;includeSubDomains"
#Header always append X-Frame-Options SAMEORIGIN
But i still get the same error.

#2 Nginx , php-fpm, mod_security
All mod_security entries report the client as the host server and not the actual IP of the offender.

Code: Select all

[Sun Sep 06 21:16:20 2015] [error] [client] ModSecurity:  [file "/etc/httpd/modsecurity.d/99_asl_jitp.conf"] [line "313"] [id "336468"] [rev "2"] [msg " WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe"] [severity "CRITICAL"] Access denied with code 403 (phase 1). Match of "beginsWith %{}" against "TX:1" required. [hostname ""] [uri "/plugins/system/plugin_googlemap2/plugin_googlemap2_proxy.php"] [unique_id "VeyRBMXdE@IAAFYYn7YAAAAA"]
If I change the PHP setting for the domain to PHP 5.5.28 and FCGI mod_security still reports the host IP.

I have the following mod_security installed.

Code: Select all

rpm -qa | grep mod_security

rpm -qa | grep plesk-mod*
I see on the PLESK 12.5 administrators guide, they mention a potential conflict.

Plesk will install its own ModSecurity package. However, during the pre-upgrade check Plesk Installer will ask you if you agree that Plesk ModSecurity can be installed on top of your existing installation.

Your existing ModSecurity configuration is left as is. However, there are many distributions and configurations for ModSecurity, so it is hard to predict how old and new configurations may conflict. To avoid problems, save your existing configuration and uninstall ModSecurity before upgrading to Plesk 12 (or before installing Plesk's ModSecurity).
Any suggestion or ideas will be great!