Plesk, ModSecurity and SmarterTools

When using a SmarterTools product in conjunction with Plesk, occasionally users may have issues getting the SmarterTools product to work properly. While SmarterMail, SmarterTrack, and SmarterStats generally work quite well with Plesk, there are times when errors can occur.

In general, we've found that these issues are related to the use of ModSecurity within Plesk. Typically, ModSecurity isn't used on a Windows server. As such, it can cause issues when enabled for a SmarterTools product within Plesk. 

When using SmarterMail, it is possible to "fix" ModSecurity via the command line. Plesk is aware of the issues around SmarterMail, Plesk, and ModSecurity, and they've told us that a fix is coming in an update at some point in the future. Until then, Plesk can provide a command to fix the issue until such time that the actual software fix is in place. Below is the command they gave us, but we can't guarantee it will resolve all issues, so contacting Plesk is the better course of action:
plesk sbin defpackagemng --update --type=waf.modsecurity --package=modsecurity --fix

For SmarterStats, system administrators need to modify the SmarterStats web.config file to actually disable ModSecurity. Unfortunately, we have no word on whether Plesk has a plan to resolve this issue. In addition, modifying the web.config is a temporary solution as, upon upgrading SmarterStats, the web.config is overwritten. Therefore, the following change needs to be put in place after each upgrade of SmarterStats. The following change is added under <system.webServer>:
<ModSecurity enabled="false" />
As mentioned, this change would need to occur after each SmarterStats upgrade as the web.config file is overwritten each time. 


If this doesn't help with the issue that you're having with Plesk one other thing that you can try is to turn off Web Application Firewall Mode. This is located in Plesk > tools & settings > "Web application firewall mode".