Help Center

How do I enable or disable ModSecurity in Plesk?

If you find that your website shows a 403, 405, or 406 error, it’s very likely that some element of your site is being blocked by a ModSecurity rule.

ModSecurity is a web application firewall. It blocks certain requests or code executions it considers dangerous. You can configure ModSecurity to allow or block certain executions depending on what your website requires.

In the Plesk control panel, you can access the ModSecurity settings by following these steps:

  1. In the main menu of your Plesk account, go to Web Application Firewall.
  1. The first options will allow you to disable or enable ModSecurity or enable it in Detection Only mode. In this mode it will generate detection logs but will not block the site from running.
  1. Below, you’ll find the configuration for ModSecurity rules. This is an advanced section and should only be configured by the webmaster or a specialized technician.
  2. Once you’ve made a change to the ModSecurity settings you must save the changes by pressing the ACCEPT button.