Choose OWASP mode
It would be great to have a select button in Plesk UI to choose between Self-contained mode and Anomaly Scoring mode for OWASP in Tools and Settings > Web Application Firewall (modsecurity)
![](https://secure.gravatar.com/avatar/7751a7b9508738e8d9332c70499c385f?size=40&default=https%3A%2F%2Fassets.uvcdn.com%2Fpkg%2Fadmin%2Ficons%2Fuser_70-6bcf9e08938533adb9bac95c3e487cb2a6d4a32f890ca6fdc82e3072e0ea0368.png)
Thank you for your input! We will consider this functionality in upcoming releases if it will be popular. Everyone, please continue voting for this feature if you consider it important.
—
IG
-
EhudZ commented
For Comodo it should be changed on:
# vi /etc/apache2/modsecurity.d/rules/comodo_free/00_Init_Initialization.conf
SecDefaultAction \
"phase:1,log,auditlog,deny,status:403"
SecDefaultAction \
"phase:2,log,auditlog,deny,status:403" -
EhudZ commented
Plesk ModSecurity required a revision...
You click "On" but you are actually mainly on Warning mode... as scores prefined do not bring to 403 error lots of the times...
You better manually fix this to:
the following parameters are specified in /etc/apache2/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/10-crs-setup.conf
They IMHO should be commented out:
SecDefaultAction "phase:1,log,auditlog,pass"
SecDefaultAction "phase:2,log,auditlog,pass"while they should be:
SecDefaultAction "phase:1,log,auditlog,deny,status:403"
SecDefaultAction "phase:2,log,auditlog,deny,status:403"**There was no RESTART is required**
# plesk sbin modsecurity_ctl --disable
# plesk sbin modsecurity_ctl --enable
# service httpd restart