We configured Modsecurity by custom rule set in the Plesk as below:
rule set is Atomicorp
Web application firewall mode is on
Predefined set of values is Thorough (The full HTTP request headers, the request POST data and the HTTP response body content will be analyzed.)
When we upload a malicious file through Plesk panel, it cannot detect and file upload to the customer directory. When we want to run that file (for example a php shell) then the Modsecurity prevents and return 403.
Could you please help us to make the Imunify360 working as a WAF to prevent upload malicious files?