Applicable to:
- Plesk for Linux
Symptoms
-
Sites for particular country show:
CONFIG_TEXT: 502 Bad Gateway
-
In
/var/www/vhosts/system/example.com/logs/error_log
below error can be found:CONFIG_TEXT: [Mon May 07 07:20:13.324316 2018] [:error] [pid 5522:tid 140219235301120] [client 203.0.113.2:47900] [client 203.0.113.2] ModSecurity: [file "/etc/httpd/conf/plesk.conf.d/modsecurity.conf"] [line "2"] [id "10"] [msg "Blocking BAD IP Address"] Access denied with connection close (phase 1). Pattern match "^(UA|LT|EG|RO|BG|TR|PK|MY|RU|CN)$" at GEO:COUNTRY_CODE. [hostname "example.com"] [uri "/favicon.ico"] [unique_id "Wu-iDVJ1stQOUHxdzoBC2wAAAJU"], referer: http://example.com/
-
In Plesk > Tools & Settings > Web Application Firewall (ModSecurity) > Settings there are custom rules:
CONFIG_TEXT: SecGeoLookupDb /usr/share/GeoIP/GeoIP.dat
SecRule REMOTE_ADDR "@geoLookup" "phase:1,chain,id:10,drop,log,msg:'Blocking BAD IP Address'"
#SecRule GEO:COUNTRY_CODE "@streq UA"
SecRule GEO:COUNTRY_CODE "@rx ^(UA|LT|EG|RO|BG|TR|PK|MY|RU|CN)$"
SecRule REQUEST_HEADERS:User-Agent "AhrefsBot" "id:'300002',phase:2,t:none,log,deny,msg:'Blocking Ahrefs bot'"
Cause
ModSecurity blocks IP adresses from the country.
Resolution
-
Go to Plesk > Tools & Settings > Web Application Firewall (ModSecurity) > Settings
-
Remove the custom directives
Comments
0 comments
Please sign in to leave a comment.