How to Disable Mod Security Rules for One of My Domains in Plesk?


Disabling Mod Security for My Specific Domain Name

Mod Security is a web application level firewall that protects your website from certain known threats from user-level actions. It works seamlessly with most websites, but sometimes it can conflict with certain types of website or with some functionality in certain CMSs. If you can identify which specific ModSecurity rule is conflicting, you can disable just that rule. In many cases, however, it is very difficult to detect the specific rule. In those cases, it is better to disable the Mod Security rules for the domain where you are facing the issue. To disable ModSecurity for your domain, follow the instructions below:

  1. Log in to your Plesk Control Panel
  2. Click on the Domain you want to manage from the Default “Websites & Domains” section. The options available for that domain will appear below as a dropdown section.
  3. Click on the “Web Application Firewall” from the options shown for that domain.
  4. You will find that the “Web Application Firewall Mode” is set to “On”. You can also see “Mod Security Log File” on this page, which may help you detect the ModSecurity rule that is conflicting and disable that rule specifically (see the instructions below on how to detect a specific Mod Security rule and disable it). To disable Mod Security completely for this domain, set the Web Application Firewall Mode to “Off”.
  5. After making the change, click on the “Okay” or “Apply” button to apply your changes. Mod Security should now be disabled for your domain.

How to find and Disable Specific ModSecurity Rule (for Advanced Users)?

If you are a developer and are familiar with ModSecurity rules, you can disable the specific ModSecurity rules for your website instead of disabling ModSecurity entirely. To do that, you first need to find which ModSecurity rule is being activated and affecting your website functionality. To find it:

  1. Log in to your Plesk Control Panel
  2. Click on the Domain you want to manage from the Default “Websites & Domains” section. The options available for that domain will appear below as a dropdown section.
  3. Click on the “Web Application Firewall” from the options shown for that domain.
  4. Click on the “Mod Security Log File” link on this page. You will find recent ModSecurity Triggers here.
  5. Click on the “More >>” link on the Relevant Action or Trigger that you want to fix.
  6. You will see a detailed log here for that incident. In that log, have a look at the “Producer: ” section, which will look something like “ModSecurity for IIS (STABLE)/*.*.* (http://www.modsecurity.org/); XXXX_XX”
  7. The last part after the semicolon (;) will describe the ModSecurity rule that was activated. You will need to disable it from the list on the previous page.
  8. Go back to the previous page. You may search for the exact name of that rule in the search box at the bottom that says “Active:”
  9. Now just click on the relevant rule or tags and it will be moved to the “Deactivated” section.
  10. Click on the “OK” or “Apply” button to save your changes and check if that resolves your issue.
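When the log holds many incidents, it helps to see which name after the semicolon in “Producer:” recurs before deactivating anything. The following is an added example, not part of the original article: it assumes you have copied the log text out of Plesk and that it uses the ModSecurity 2.x serial audit-log layout (entries ending in a `--<id>-Z--` line, rule ids in `[id "…"]` fields); the sample log, component name and rule ids are constructed.

```python
import re
from collections import Counter

# Constructed sample in ModSecurity 2.x serial audit-log layout. The version,
# component names and rule ids are made up; paste your own log text instead.
SAMPLE_LOG = """\
--aaaa0001-H--
Message: Warning. Pattern match at ARGS:content. [id "100001"] [msg "sample"]
Producer: ModSecurity for IIS (STABLE)/0.0.0 (http://www.modsecurity.org/); EXAMPLE_SET_A.
--aaaa0001-Z--
--aaaa0002-H--
Message: Warning. Pattern match at ARGS:title. [id "100001"] [msg "sample"]
Message: Access denied with code 403. [id "100002"] [msg "sample"]
Producer: ModSecurity for IIS (STABLE)/0.0.0 (http://www.modsecurity.org/); EXAMPLE_SET_A
--aaaa0002-Z--
--aaaa0003-H--
Message: Warning. Operator GE matched. [id "100003"] [msg "sample"]
Producer: ModSecurity for IIS (STABLE)/0.0.0 (http://www.modsecurity.org/)
--aaaa0003-Z--
"""

ENTRY_END = re.compile(r"^--[0-9A-Za-z]+-Z--[ \t\r]*$", re.M)
PRODUCER = re.compile(r"^Producer:[ \t]*(.+)$", re.M)
RULE_ID = re.compile(r'\[id "(\d+)"\]')


def producer_components(value):
    """Return the names that follow the first ';' in a Producer value."""
    parts = value.split(";")[1:]          # drop the engine banner itself
    names = [p.strip().rstrip(".") for p in parts]
    return [n for n in names if n]


def summarize(log_text):
    """Count log entries per Producer component and per triggered rule id."""
    components, rule_ids = Counter(), Counter()
    for entry in ENTRY_END.split(log_text):
        match = PRODUCER.search(entry)
        if match:
            components.update(set(producer_components(match.group(1))))
        rule_ids.update(set(RULE_ID.findall(entry)))  # count once per entry
    return components, rule_ids


if __name__ == "__main__":
    comps, ids = summarize(SAMPLE_LOG)
    for name, count in comps.most_common():
        print(f"{count:4d} entries  component {name}")
    for rule, count in ids.most_common():
        print(f"{count:4d} entries  rule id   {rule}")
```

A name or id that appears only on your own legitimate requests is the candidate to move to “Deactivated”; everything else can stay active.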

If you deactivate a specific ModSecurity rule in this way and it works for you, then you do not need to disable Mod Security completely.

These are the two ways you can work around Mod Security issues on your hosting using our Plesk with Windows Hosting.
