How to test the ModSecurity Atomic Standard (previously Atomic Basic ModSecurity) rule set

Started by Suhitha, Jan 30, 2026, 05:32 AM


Suhitha

Applicable to:

  • Plesk for Linux


Question

The ModSecurity Atomic Standard (previously called Atomic Basic) rule set was installed.

How to test if it works correctly?


Answer

1. Log in to Plesk.

2. Go to Tools & Settings > Web Application Firewall and set the Web application firewall mode directive to the On value.

3. Navigate to Tools & Settings > Web Application Firewall > Settings, switch rules to the Atomic Standard ModSecurity rule set and set the Predefined set of values directive to the Fast value.

4. Connect to the server using SSH.

5. Get the list of domains by using the command below and choose one of them for the next step:

# plesk bin domain --list

example.com

6. Perform the testing (replace example.com with the actual domain name):

Note: because redirects to HTTPS and/or to WWW can be configured for the domain, it is required to check all commands below. Some of them can return 301 Moved Permanently, which only indicates that a redirect is configured for that particular website page.

# curl -IkL http://example.com/?abc=../../
HTTP/1.1 200 OK

# curl -IkL http://www.example.com/?abc=../../
HTTP/1.1 200 OK

# curl -IkL https://example.com/?abc=../../
HTTP/1.1 200 OK

# curl -IkL https://www.example.com/?abc=../../
HTTP/1.1 403 Forbidden
Server: nginx
...

# curl -IkL https://example.com/?q=\'1%20OR%201=1
HTTP/1.1 403 Forbidden
Server: nginx
...

If the 403 Forbidden error is returned after executing all the commands above, ModSecurity is working correctly.
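The checks from step 6 can be run as one script that reads the final status of each redirect chain. This is an added example, not part of the original post: the function names, the verdict labels and the sample headers are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: summarise what `curl -IkL` prints for each probe from step 6.
# Function names and verdict labels are hypothetical, not part of Plesk.

# Print the status code of the LAST response in a `curl -IL` header dump,
# so an intermediate 301 is not mistaken for the result.
final_status() {
    awk '/^HTTP\/[0-9.]+ [0-9][0-9][0-9]/ { code = substr($2, 1, 3) }
         END { print code }'
}

# Map the final status code to a verdict for this test.
waf_verdict() {
    case "$1" in
        403) echo "BLOCKED" ;;          # the rule set rejected the request
        2??) echo "NOT_BLOCKED" ;;      # request reached the site
        3??) echo "REDIRECT_ONLY" ;;    # redirect was not followed to an end
        *)   echo "INCONCLUSIVE" ;;     # no response or another status
    esac
}

# Run both probes from the page against all four scheme/host variants.
check_domain() {
    domain=$1
    for base in "http://$domain" "http://www.$domain" \
                "https://$domain" "https://www.$domain"; do
        for query in "abc=../../" "q='1%20OR%201=1"; do
            url="$base/?$query"
            code=$(curl -sIkL --max-time 10 "$url" | final_status)
            printf '%-14s %-4s %s\n' "$(waf_verdict "$code")" "${code:-none}" "$url"
        done
    done
}

# Constructed sample: an HTTP to HTTPS/WWW redirect followed by a block.
SAMPLE_CHAIN='HTTP/1.1 301 Moved Permanently
Location: https://www.example.com/?abc=../../

HTTP/1.1 403 Forbidden
Server: nginx
'

# Only contact a server when a domain is passed on the command line.
if [ "$#" -gt 0 ]; then check_domain "$1"; fi
```

Run it with the domain chosen in step 5 as the only argument; each output line shows the verdict, the final status code and the URL that was requested.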