Introduction
Plesk is a popular web hosting control panel that enables users to manage multiple websites from a single interface. One of its features is the Web Application Firewall (WAF) which is designed to protect web applications from various malicious attacks. However, sometimes, the WAF can cause unexpected errors in web applications, particularly in .NET Core and Blazor apps due to its prevention of certain DLL executions.
Understanding the WAF
The Web Application Firewall in Plesk monitors HTTP traffic to and from web applications. It looks for suspicious patterns or signatures of known attacks and takes action based on its configuration. The default mode for the WAF is usually set to block suspicious requests.
Issues with .NET Core and Blazor Apps
.NET Core and Blazor applications often use specific DLL files that are necessary for their functionality. Some of these DLLs might be flagged by the WAF as suspicious or potentially malicious, causing interference with the app's normal operation.
Common issues include:
- Access denied errors.
- Application failing to load.
- Features of the application not working correctly.
Setting the WAF to Detection Only
To prevent the WAF from blocking necessary DLLs and causing issues with .NET Core and Blazor apps, you can set the WAF to "Detection Only" mode. This will allow the WAF to log the suspicious activity but will not block any requests.
Steps to set WAF to Detection Only:
- Login to Plesk: Open your Plesk control panel using your credentials.
- Navigate to WAF Settings: Go to the ‘Security’ section, and under this, you will find the ‘Web Application Firewall (ModSecurity)’ option.
- Change the Operating Mode: Find the ‘Operating Mode’ setting. Change it from 'On' or 'Off' to 'Detection Only.'
- Save Changes: Click on the ‘Apply’ or ‘OK’ button to save your settings.
Conclusion
The Web Application Firewall in Plesk is an essential tool for securing web applications, but it's important to be aware of potential conflicts it might have with specific applications, especially those developed using .NET Core or Blazor. By setting the WAF to "Detection Only," you can monitor for potential threats without blocking necessary components of your application. Always remember to regularly check the WAF logs to identify and assess any potential threats.