Articles in this section

IP addresses are being banned by the Fail2Ban "plesk-modsecurity" jail, when working in WordPress admin dashboard

Kuzma Ivanov
Updated
Plesk for Linux kb: technical ABT: Group A

Applicable to:

  • Plesk for Linux

Symptoms

  • When working in WordPress admin dashboard, the user's IP address is being blocked by Fail2Ban.

  • The Fail2Ban "plesk-modsecurity" jail is enabled in Plesk.

  • Imunify360 rules-set is used for ModSecurity (Tools & Settings > Web Application Firewall (ModSecurity) > Settings).

  • The following message appears in /var/log/modsec_audit.log:

    CONFIG_TEXT: referer: https://example.com/wp-admin/edit.php?post_type=page
    ...
    --a620201a-H--
    Message: Operator EQ matched 1 at TX:trapped. [file "/etc/httpd/conf/modsecurity.d/rules/custom/000_i360_0.conf"] [line "182"] [id "33314"] [msg "RTrack: G:post=5556&action=edit& P: F: FC:||T:APACHE||PC:32291||R:200"] [severity "DEBUG"]
    [tag "i360"] [tag "noshow"]

Cause

According to Imunify360 installation guide, Imunify360 is incompatible with fail2ban.

Resolution

  1. Log in to Plesk.

  2. Disable fail2ban at Tools & Settings > IP Address Banning (Fail2Ban) > Settings tab.

Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.