Help Center

How to enable or disable ModSecurity in Plesk?

If you find that your website displays a 403, 405, or 406 error, it is very likely that some element of your site is being blocked by a ModSecurity rule.

ModSecurity is an application firewall. What it does is block certain requests or code executions that it considers dangerous. You can configure ModSecurity to allow or block certain executions, as required by your website.

In the Plesk control panel, you can access the ModSecurity configuration by following these steps:

  1. In the main menu of your account within Plesk, go to Web Application Firewall.
  1. The first options will allow you to disable or enable ModSecurity or set it to detection only mode. In this mode it will generate detection logs but will not block the site from running.
  1. Below, you will find the configuration for ModSecurity rules. This is an advanced section and should only be configured by the webmaster or a specialized technician.
  2. Once you have made a change to the ModSecurity configuration you must save the changes by pressing the OK button.