Articles in this section

What does Imunify notifications do in Plesk?
PHP settings do not apply on a domain when CageFS is enabled in CloudLinux
[CVE-2025-66431] Security vulnerability in domain creation mechanism allows Plesk users to execute arbitrary code on behalf of root
Generating CSR certificate under AlmaLinux 9 and AlmaLinux 10 does not save the Country, City and other fields from SSL certificate settings section
Plesk update fails: bind9 package is half-configured
Wrong $_SERVER['HTTP_HOST'] and $_SERVER['SERVER_NAME'] using Default Site in IP Addresses
Plesk / system update fails after dist-upgrade from Debian 11 to Debian 12: Depends: libodbc2 (>= 2.3.1) but it is not going to be installed
Accessing Apache & nginx settings in Plesk 18.0.72.0 returns error 500: Return value must be of type bool, null returned
Vulnerability CVE-2025-54336
Unable to open mail server configuration for a domain in Plesk UI: The label can only be a string
See more

Unable to turn on Plesk Firewall with error: Did not receive a matching activation token before confirmation timeout

Vladimir Levchuk

Updated June 04, 2024 09:55

kb: technical Plesk Obsidian for Linux

Symptoms

Unable to turn on firewall via Plesk GUI, with error like below:

PLESK_ERROR: Did not receive a matching activation token before confirmation timeout

Same error records can be found in Plesk log /var/log/plesk/panel.log
Firewall service shows as active:

# systemctl status plesk-firewall.service
● plesk-firewall.service - Plesk firewall rules
Loaded: loaded (/usr/lib/systemd/system/plesk-firewall.service; disabled; vendor preset: disabled)
Active: active (exited) since Mon 2023-05-08 17:22:29 UTC; 37min ago
Process: 20444 ExecStart=/bin/bash /usr/local/psa/var/modules/firewall/firewall-active.sh (code=exited, status=0/SUCCESS)
Main PID: 20444 (code=exited, status=0/SUCCESS)
Firewall rules with no from nor ports are seen in json configuration:

# /usr/local/psa/bin/modules/firewall/settings --list-json
[
....
....
{
"class": "custom",
"name": "block 203.0.113.2",
"direction": "input",
"ports": "",
"from": "",
"action": "deny",
"originalId": 98,
"id": 478
},
{
"class": "custom",
"name": "block 203.0.113.3",
"direction": "input",
"ports": "",
"from": "",
"action": "deny",
"originalId": 97,
"id": 477
},
....
....

Cause

Misconfigured rules are present in Plesk Firewall. Fields ports and from are empty.

For reference, check this Jira ticket: https://webpros.atlassian.net/browse/EXTPLESK-4587

Resolution

Remove misconfigured rules manually:

Connect to the server via SSH
Backup firewall database by running

# cp -p /usr/local/psa/var/modules/firewall/firewall.sqlite3 /root/firewall_backup.sqlite3
Open the firewall database with sqlite3:

# sqlite3 /usr/local/psa/var/modules/firewall/firewall.sqlite3
Use SQL query like below to remove misconfigured firewall rules:

MYSQL_LIN: DELETE FROM rules WHERE data LIKE "%block 203.0.113.2%"

MYSQL_LIN: DELETE FROM rules WHERE data LIKE "%block 203.0.113.3%"

Note: Modify the query accordingly to remove rules in bulk.
Start firewall from Tools & Settings > Firewall

Note: Alternatively, in case non of those rules are necessary, reinstall Plesk Firewall. Rules will be deleted. Use Plesk Installer to uninstall & install Plesk Firewall.

Comments

0 comments

Please sign in to leave a comment.