web analytics

Plesk for Linux – Disabling mod_security rules for specific directory

Written by config on . Posted in Linux, Ubuntu


If you are working with Plesk Control Panel ( Linux version ) and mod security – you probably encountered some problems with specific scripts. Sometimes mod security block certain functions of the script because it thinks it is malicious code.

For example this warning taken from Apache log:

Warning. Match of "rx ^apache.*perl" against "REQUEST_HEADERS:User-Agent" required. [file "/etc/httpd/conf.d/modsecurity/modsecurity_crs_35_bad_robots.conf"] [line "27"] [id "990011"]

Lets say you want to leave mod_security as it is without removing it or disabling on the server, what you want to do is to disable this specific rule (“990011”)¬†for the specific directory in the domain and let your scripts work as it should.
Here is a quick solution.

Create a file called vhost.conf in /var/www/vhosts/domain.com/conf
containing the following:

<Directory /var/www/vhosts/domain.com/httpdocs> SecRuleRemoveByID 990011 </Directory>

Then run this in terminal:

/usr/local/psa/admin/bin/websrvmng -u --vhost-name=domain.com
service httpd restart

This is specific to Redhat/Centos.
If you cannot find websrvmng in the mentioned path you can try:

locate websrvmng

Also pay attention that if you use Debian and Ubuntu or their derivatives, you cannot use the service command and your apache is not httpd.
Try to use

/etc/init.d/apache2 restart

Tags: , ,

Trackback from your site.

Leave a comment