1. Forums
  2. Imunify360
  3. Imunify360 and Imunify Sensor
  1. Anonymous User
  2. Monday, December 25, 2017
  3.  Subscribe via email

We configured Modsecurity by custom rule set in the Plesk as below:
rule set is Atomicorp
Web application firewall mode is on
Predefined set of values is Thorough (The full HTTP request headers, the request POST data and the HTTP response body content will be analyzed.)
When we upload a malicious file through Plesk panel, it cannot detect and file upload to the customer directory. When we want to run that file (for example a php shell) then the Modsecurity prevents and return 403.
Could you please help us to make the Imunify360 working as a WAF to prevent upload malicious files?

Kind Regards,
Rate this post:
  1. 25.12.2017 10:12:12
  2. # 1
Alexander Z Accepted Answer
Posts: 31
Joined: 29.03.2017

Imunify360 could prevent upload of malicious files when Imunify360 ModSecurity rules set is enabled. As far as you using your own custom rule set, then Imunify360 rules that checking uploaded files are disabled because you could have only 1 active ruleset in Plesk. You need to disable your custom ruleset and install Imunify360's one using:

$ /usr/local/psa/admin/sbin/modsecurity_ctl --disable-all-rules --ruleset <YOUR_CUSTOM_RULES_NAME>
$ imunify360-agent plesk install-vendors

Good luck!
  1. 25.12.2017 11:12:37
  2. # 2
Majid Accepted Answer

What is the <YOUR_CUSTOME_RULES_NAME>? We have some *.conf files in the /etc/httpd/conf/modsecurity.d/rules/custom/ directory.
Also when we run $ imunify360-agent plesk install-vendors we got the below error:
INFO [+ 3570ms] defence360agent.subsys.panels.plesk.mod_security|Skipping vendor installationdue to conflicting vendor[s]: ['imunify360-full-apache']

Please let us know how we can configure modsecurity with your rules?

Kind Regards,
  1. 25.12.2017 12:12:40
  2. # 3
Alexander Z Accepted Answer
Posts: 31
Joined: 29.03.2017
Hello, Majid!

You could get currently active vendor by running "/usr/local/psa/admin/sbin/modsecurity_ctl -L --enabled".
In your case, I can see that "imunify360-full-apache" is already installed.
However, if you want to use Imunify360's ModSecurity rules and some other vendor is active now, you could use instructions from my previous comment.

If Imunify360's vendor is already active and upload of malicious files is still allowed, then it's unexpected behavior, please submit a ticket with our technical support at (Imunify360 department) so our team can help you with the issue.

  • Page :
  • 1

There are no replies made for this post yet.
Be one of the first to reply to this post!
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Remove Upload Files (Maximum File Size: 2 MB)
You may insert polls into your post. The poll would then appear in the post.
Vote Options
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.