Sites for particular country show: 502 Bad Gateway

Updated April 05, 2023 04:03

Plesk for Linux kb: technical ABT: Group A

Applicable to:

Sites for particular country show:

CONFIG_TEXT: 502 Bad Gateway
In /var/www/vhosts/system/example.com/logs/error_log below error can be found:

CONFIG_TEXT: [Mon May 07 07:20:13.324316 2018] [:error] [pid 5522:tid 140219235301120] [client 203.0.113.2:47900] [client 203.0.113.2] ModSecurity: [file "/etc/httpd/conf/plesk.conf.d/modsecurity.conf"] [line "2"] [id "10"] [msg "Blocking BAD IP Address"] Access denied with connection close (phase 1). Pattern match "^(UA|LT|EG|RO|BG|TR|PK|MY|RU|CN)$" at GEO:COUNTRY_CODE. [hostname "example.com"] [uri "/favicon.ico"] [unique_id "Wu-iDVJ1stQOUHxdzoBC2wAAAJU"], referer: http://example.com/
In Plesk > Tools & Settings > Web Application Firewall (ModSecurity) > Settings there are custom rules:

CONFIG_TEXT: SecGeoLookupDb /usr/share/GeoIP/GeoIP.dat
SecRule REMOTE_ADDR "@geoLookup" "phase:1,chain,id:10,drop,log,msg:'Blocking BAD IP Address'"
#SecRule GEO:COUNTRY_CODE "@streq UA"
SecRule GEO:COUNTRY_CODE "@rx ^(UA|LT|EG|RO|BG|TR|PK|MY|RU|CN)$"
SecRule REQUEST_HEADERS:User-Agent "AhrefsBot" "id:'300002',phase:2,t:none,log,deny,msg:'Blocking Ahrefs bot'"

ModSecurity blocks IP adresses from the country.

Login to Plesk
Go to Plesk > Tools & Settings > Web Application Firewall (ModSecurity) > Settings
Remove the custom directives