Fail2ban bans server IP using modsecurity jail in Plesk 12.5 on CentOS 7

Created:

2016-11-16 12:56:08 UTC

Modified:

2017-06-08 15:18:14 UTC

0

Was this article helpful?


Have more questions?

Submit a request

Fail2ban bans server IP using modsecurity jail in Plesk 12.5 on CentOS 7

Symptoms

  1. Fail2Ban incorrectly reads ModSecurity's logs: it detects local IP instead of the client IP and blocks it

  2. All websites are down:

    error 502 Bad Gateway
  3. Nginx is enabled on a server

Cause

Server IP is blocked by Fail2ban.

This is Plesk bug with ID #PPPM-4408 which was fixed in Plesk Onyx.

Resolution

Upgrade to the latest Plesk version.

As a workaround, set the following parameter in /etc/fail2ban/filter.d/plesk-modsecurity.conf file:

failregex = ^X-Real-IP:\\s<HOST>.*$
Have more questions? Submit a request
Please sign in to leave a comment.