Articles in this section

Plesk Firewall Country Blocking with the GeoIP2 MaxMind free GeoLite2 database results in errors and a failed scheduled task

Daniel Yordanov
Updated
Plesk for Linux kb: technical ext: firewall

Applicable to:

  • Plesk for Linux

Symptoms

  • The Plesk Firewall is installed and enabled
  • Plesk Firewall Country Blocking is set up to use the GeoIP2 MaxMind free GeoLite2 database by following the Plesk Documentation here and as part of the setup steps, the following command needs to be executed:

    # LICENSE_KEY=<enter your license key here> plesk sbin modules/firewall/ipsets --configure --data-source maxmind-lite --force

  • Whenever the command LICENSE_KEY=<enter your license key here> plesk sbin modules/firewall/ipsets --configure --data-source maxmind-lite --force is executed, a great number of errors that are similar to the following appears:

    CONFIG_TEXT: GeoLite2-Country-Blocks-IPv4.csv:44: expected 6 columns but found 7 - extras ignored
    GeoLite2-Country-Blocks-IPv4.csv:45: expected 6 columns but found 7 - extras ignored
    GeoLite2-Country-Blocks-IPv4.csv:46: expected 6 columns but found 7 - extras ignored
    GeoLite2-Country-Blocks-IPv4.csv:47: expected 6 columns but found 7 - extras ignored
    GeoLite2-Country-Blocks-IPv4.csv:48: expected 6 columns but found 7 - extras ignored
    GeoLite2-Country-Blocks-IPv4.csv:49: expected 6 columns but found 7 - extras ignored
    GeoLite2-Country-Blocks-IPv4.csv:50: expected 6 columns but found 7 - extras ignored

  • Whenever the scheduled task /opt/psa/admin/bin/php -dauto_prepend_file=sdk.php '/opt/psa/admin/plib/modules/firewall/scripts/update-geoip-db.php' --update --data-source maxmind-lite needs to run, the same errors are shown and the task eventually fails and is logged as failed in Plesk > Tools & Settings > Task Manager
  • The /var/log/plesk/panel.log contains errors that are similar to the following:

    CONFIG_TEXT: [2024-05-29 12:14:00.870] 598998:6656ffe8d466a ERR [panel] Task is not responding: id=13544, pid=590963, type=scheduler-run-task
    [2024-05-29 12:14:00.873] 598998:6656ffe8d466a ERR [panel] Task is not responding: id=13544, pid=590963, type=scheduler-run-task, clientRemoteAddr=*****, referrer=/admin/scheduler/edit-task/id/388, runTaskUnderLogin=admin, task=/opt/psa/admin/bin/php -d auto_prepend_file=sdk.php /opt/psa/admin/plib/modules/firewall/scripts/update-geoip-db.php --update --data-source maxmind-lite, taskId=0
    [2024-05-29 12:14:00.883] 598986:6656ffe8d79d6 ERR [panel] Task is not responding: id=13544, pid=590963, type=scheduler-run-task
    [2024-05-29 12:14:00.883] 598986:6656ffe8d79d6 ERR [panel] Task is not responding: id=13544, pid=590963, type=scheduler-run-task, clientRemoteAddr=*****, referrer=/admin/scheduler/edit-task/id/388, runTaskUnderLogin=admin, task=/opt/psa/admin/bin/php -d auto_prepend_file=sdk.php /opt/psa/admin/plib/modules/firewall/scripts/update-geoip-db.php --update --data-source maxmind-lite, taskId=0
    [2024-05-29 12:42:20.997] 605600:6657068cf356d ERR [panel] Unable to find row with id 13544 in longtasks table.:
    0: /opt/psa/admin/plib/Db/Table/Abstract.php:117
    Db_Table_Abstract->getOne(string '13544')
    1: /opt/psa/admin/plib/Task/Async/Executor.php:33
    Task_Async_Executor->execute()
    2: /opt/psa/admin/plib/scripts/task-async-executor.php:6
    [2024-05-29 12:42:20.999] 605600:6657068cf356d ERR [panel] Unable to find row with id 13544 \ table.
    [2024-05-29 12:42:32.500] 605659:665706987a0dc ERR [panel] Unable to find row with id 13544 in longtasks table.:
    0: /opt/psa/admin/plib/Db/Table/Abstract.php:117
    Db_Table_Abstract->getOne(string '13544')
    1: /opt/psa/admin/plib/Task/Async/Executor.php:33
    Task_Async_Executor->execute()
    2: /opt/psa/admin/plib/scripts/task-async-executor.php:6
    [2024-05-29 12:42:32.504] 605659:665706987a0dc ERR [panel] Unable to find row with id 13544 in longtasks table.
    [2024-05-29 12:42:46.875] 605725:665706a6d5615 ERR [panel] Unable to find row with id 13544 in longtasks table.:
    0: /opt/psa/admin/plib/Db/Table/Abstract.php:117
    Db_Table_Abstract->getOne(string '13544')
    1: /opt/psa/admin/plib/Task/Async/Executor.php:33
    Task_Async_Executor->execute()
    2: /opt/psa/admin/plib/scripts/task-async-executor.php:6
    [2024-05-29 12:42:46.876] 605725:665706a6d5615 ERR [panel] Unable to find row with id 13544 in longtasks table.

Cause

This issue is confirmed to be caused by a known bug with ID #EXTPLESK-5564 Plesk firewall throwing errors during regular maxmind database upgrade: expected 6 columns but found 7 - extras ignored and will be resolved in future versions of Plesk and the Plesk firewall.

Note: please click the Follow button near the article headline to stay informed - you will receive an update via email when updates to the article are added

You may check if the bug has been resolved in the Change Log for Plesk Obsidian

Resolution

Until the issue is resolved permanently, you may apply one of the following workarounds:

If you want to continue using a MaxMind IP database

1. Log into your server via SSH
2. Find the location of the maxmind and maxmind-lite configuration files on your server:

# find / -type f \( -iname "maxmind" -o -iname "maxmind-lite" \) 2>/dev/null

3. Open the files from the result for editing with your favorite command-line text editor and locate the following lines:

CREATE TABLE blocks_ipv4 (network TEXT, geoname_id TEXT, registe red_country_geoname_id TEXT,
represented_country_geoname_id TEXT, is_anonymous_proxy TEXT, is_satellite_provider TEXT);
CREATE TABLE blocks_ipv6 (network TEXT, geoname_id TEXT, registe red_country_geoname_id TEXT,
represented_country_geoname_id TEXT, is_anonymous_proxy TEXT, is_satellite_provider TEXT);

3. Add is_anycast TEXT to each of the lines, so that the lines becomes the following:

CREATE TABLE blocks_ipv4 (network TEXT, geoname_id TEXT, registe red_country_geoname_id TEXT,
represented_country_geoname_id TEXT, is_anonymous_proxy TEXT, is_satellite_provider TEXT, is_anycast TEXT);
CREATE TABLE blocks_ipv6 (network TEXT, geoname_id TEXT, registe red_country_geoname_id TEXT,
represented_country_geoname_id TEXT, is_anonymous_proxy TEXT, is_satellite_provider TEXT, is_anycast TEXT);

4. Save the changes and close the files
5. Go to Plesk > Tools & Settings > Firewall
6. Move the Firewall protection slider to the left to disable the Plesk firewall
7. Move the Firewall protection slider to the right in order to enable the Plesk firewall
 
This will make the changes come into effect and you will no longer see the errors.

If you prefer to switch to a different IP database

1. Log into your server via SSH
2. Open the /usr/local/psa/admin/conf/panel.ini file with your favorite command-line text editor
3. Remove the following contents:

[ext-firewall]
geoipDataSource = maxmind-lite

4. Save the changes
5. Go to Plesk > Tools & Settings > Firewall
6. Move the Firewall protection slider to the left to disable the Plesk firewall
7. Move the Firewall protection slider to the right in order to enable the Plesk firewall
 
This will make the Plesk Firewall switch to the default “IP to Country Lite” database from DB-IP instead of the MaxMind database and you will no longer see such errors.

Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.