Plesk for Windows
kb: how-to
Plesk for Linux
ABT: Group A
Applicable to:
- Plesk for Linux
Question
How to block specific countries in Plesk?
Answer
On Plesk 18.0.52 and higher with Firewall extension 2.0 installed this could be achieved following the next steps:
- Navigate to Tools & Settings > Firewall
- Click
to add a new rule.
- Specify the required countries in the following fields:
For older Plesk versions the following workarounds are available:
Workaround I
Workaround II
Follow the next steps to block particular countries via ModSecurity:
- Download the Geo2ip lite database:
# curl -Lo /usr/share/GeoIP/GeoLiteCountry.dat.gz https://dl.miyuru.lk/geoip/dbip/country/dbip4.dat.gz
-
Unpack it:
# gunzip /usr/share/GeoIP/GeoLiteCountry.dat.gz
- Navigate to Tools & Settings > Web Application Firewall(ModSecurity) > Settings and add the following Custom directives:
CONFIG_TEXT: SecGeoLookupDB /usr/share/GeoIP/GeoLiteCountry.dat
SecRule REMOTE_ADDR "@geoLookup" "phase:1,chain,id:99999932392,drop,log,msg:'Blocking %{geo.country_code}'"
SecRule GEO:COUNTRY_CODE "@pm XX XX XX"Note: "XX XX XX" are to be replaced with the required country codes.
Comments
6 comments
please update it
Plesk Obsidian 18.0.52
Hello,
Thanks, the article is updated.
For anyone looking this is the complete security rule with all countries except US and CO
SecGeoLookupDB /usr/share/GeoIP/GeoLiteCountry.dat
SecRule REMOTE_ADDR "@geoLookup" "phase:1,chain,id:99999932392,drop,log,msg:'Blocking %{geo.country_code}'"
SecRule GEO:COUNTRY_CODE "@pm AD AE AF AG AI AL AM AO AQ AR AS AT AU AW AX AZ BA BB BD BE BF BG BH BI BJ BL BM BN BO BQ BR BS BT BV BW BY BZ CA CC CD CF CG CH CI CK CL CM CN CR CU CV CW CX CY CZ DE DJ DK DM DO DZ EC EE EG EH ER ES ET FI FJ FK FM FO FR GA GB GD GE GF GG GH GI GL GM GN GP GQ GR GS GT GU GW GY HK HM HN HR HT HU ID IE IL IM IN IO IQ IR IS IT JE JM JO JP KE KG KH KI KM KN KP KR KW KY KZ LA LB LC LI LK LR LS LT LU LV LY MA MC MD ME MF MG MH MK ML MM MN MO MP MQ MR MS MT MU MV MW MX MY MZ NA NC NE NF NG NI NL NO NP NR NU NZ OM PA PE PF PG PH PK PL PM PN PR PS PT PW PY QA RE RO RS RU RW SA SB SC SD SE SG SH SI SJ SK SL SM SN SO SR SS ST SV SX SY SZ TC TD TF TG TH TJ TK TL TM TN TO TR TT TV TW TZ UA UG UM USs UY UZ VA VC VE VG VI VN VU WF WS YE YT ZA ZM ZW "
Is there also a way to block a specific ISP, IP to ISP.
i.e. block DigitalOcean, LLC
Hello, Fadi Asbih
Yes, you can find the list of DO subnets here:
https://docs.digitalocean.com/products/platform/
Yeah this is not working.
After I have blocked countries like Bulgaria and Latvia, still manage to try to hack my server and the countries ip still shows up in IP Address Banning (Fail2Ban)
Hope for the best :)
Please sign in to leave a comment.