How to install and configure the Mod Security on Plesk 12 admin?

Mod Security installer is used for preventing the attacks on web applications. Mod security will check your requests from web application and produces the response against the application. If the check fails then it will take appropriate action.

Installation of Mod Security on Plesk 12 admin panel -

1. Login to your Plesk admin panel.
2. Click on Tools and Settings on left hand side.
3. Click on Updates and Upgrades on the right hand side. New window will open here.
4. Here, it will ask root password, so make sure you will have the root password. Enter it.
5. Click on Add and Remove Product Components.
6. Select Plesk hosting features >> Select ModSecurity Web Application Firewall for Apache.
7. Click on Install option on the bottom of the page.

Once done, you will get the confirmation box of successful installation.

Configuration of Mod Security on Plesk 12 admin panel -

1. Follow Tools and Settings >> Security >> Web Application Firewall Mod(ModSecurity)

2. You will get three modes of mod security here as below -
i. Off -
If you will select this option then it will not check your HTTP request and responses.

ii. Detection Only -
It will check your each HTTP request and equivalent responses against the defined set of rules. If the request get validates then it will be passed for web-content, else event will be logged without any further action.

iii. On -
It will check your each HTTP request and equivalent responses against the defined set of rules. If the request get validates then it will be passed for web-content, else event will be logged and error notification is sent with HTTP response with error code.
You can select any of the option as per your choice. You should take trial of the set of defined rules for some period then you can apply to live server.

3. Now, select the rule set which you would like to apply. By default 'Atomic Basic ModSecurity Rule' is defined.
4. Enable 'Update rule sets' and set it to weekly.
5. Now, you have three options as below under Configuration as Fast, Tradeoff and Thorough -

1. Fast - It will analyze the HTTP URI and headers.
2. Tradeoff - It will analyze the HTTP URI, headers and request POST data.
3. Thorough - It will analyze the HTTP URI, headers,request, POST data and HTTP response body.
Each option will require the more CPU resources so you can select the option as per your choice.

6. Click on 'OK' option to apply the settings. This will automatically restart Apache and load the new ModSecurity settings.
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

How to resolve POST request fails while adding the sub-domain?

While adding sub-domain, I'm facing issue with POST request. I tried adding sub-domain, server is...

Unable to connect FTP - Incorrect Password or User Account is disabled in Windows

Error - The domain's primary ftp user account is disabled in Windows or has an invalid password....

How to force Force postfix to use only IPv4 protocol?

Here are the steps to Force postfix to use only IPv4 protocol - 1. Open postfix configuration...

How to repair vhost permissions for domains?

Here is the solution to repair the vhost permission - Login to your plesk server via SSH and...

How to retrieve plesk panel admin password?

Steps to retrieve plesk panel admin password -For Plesk versions 10.x-12.x :Log in to server via...

Powered by WHMCompleteSolution