Applicable to:
- Plesk for Linux
Question
How do ModSecurity + Fail2Ban + Imunify360 work together in a server with Plesk?
Answer
These three tools do NOT work together in synergy. Choose the one option below that best serves your needs and avoid installing anything else (including third-party tools that are not listed).
Compatible and safe to use:
- ModSecurity+Fail2Ban:
  When ModSecurity is enabled, a rule "plesk-modsecurity" is created at Plesk > Tools & Settings > IP Address Banning (Fail2Ban) > Jails.
  When ModSecurity is triggered X times (defined in Fail2Ban settings) by a certain IP address, that IP address is banned by Fail2Ban for Y seconds.
- Imunify360 only:
  Imunify360 uses the same algorithm as ModSecurity: both work by analyzing Apache requests.
  Imunify360 installs the ModSecurity component with a special Imunify360 ruleset. The ruleset can be checked via CLI:
  # plesk sbin modsecurity_ctl -L --enabled
  custom
Not compatible:
- Imunify360+Fail2Ban:
  According to the Imunify360 installation guide, Imunify360 is incompatible with Fail2Ban.
  If Imunify360 is being used, disable Fail2Ban at Plesk > Tools & Settings > IP Address Banning (Fail2Ban) > Settings tab.
- Imunify360+ModSecurity with standard rulesets (e.g. OWASP and Comodo):
  It is strongly recommended to disable all mod_security rulesets other than the Imunify360 ruleset (especially OWASP and Comodo). These rulesets can cause a large number of false positives and duplicate the Imunify360 ruleset. Consider using only the Imunify360 ruleset to avoid such behavior. Please check the Imunify360 documentation for details: Hosting Panels Firewall Rulesets Specific Settings
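The compatibility rules above can be checked on a host with a short script. This is an added example, not Plesk or Imunify360 tooling. It assumes Imunify360 is detected by its `imunify360-agent` CLI being on PATH and that Fail2Ban runs as the systemd unit `fail2ban`; the `--audit` switch and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: flag the incompatible combinations listed in this article.

# check_stack IMUNIFY(yes|no) FAIL2BAN(yes|no) "ENABLED_RULESETS"
# Prints one finding per line; returns 0 if the stack is compatible, 1 otherwise.
check_stack() {
    cs_imunify=$1; cs_fail2ban=$2; cs_rulesets=$3; cs_rc=0
    if [ "$cs_imunify" = yes ]; then
        # Imunify360 + Fail2Ban is listed as not compatible.
        if [ "$cs_fail2ban" = yes ]; then
            echo "CONFLICT: Imunify360 and Fail2Ban are both active; disable Fail2Ban"
            cs_rc=1
        fi
        # With Imunify360 the only expected enabled ruleset is "custom".
        for cs_rs in $cs_rulesets; do
            if [ "$cs_rs" != custom ]; then
                echo "CONFLICT: ModSecurity ruleset '$cs_rs' enabled alongside Imunify360"
                cs_rc=1
            fi
        done
    fi
    # ModSecurity + Fail2Ban without Imunify360 is a supported combination.
    [ "$cs_rc" -eq 0 ] && echo "OK: no incompatible combination found"
    return "$cs_rc"
}

# Collect the live state of this host and evaluate it.
audit_host() {
    ah_imunify=no; ah_fail2ban=no
    # Assumption: the Imunify360 agent CLI on PATH means Imunify360 is installed.
    command -v imunify360-agent >/dev/null 2>&1 && ah_imunify=yes
    # Assumption: Fail2Ban is managed by systemd under the unit name "fail2ban".
    systemctl is-active --quiet fail2ban 2>/dev/null && ah_fail2ban=yes
    # Command taken from the article; prints the enabled ModSecurity ruleset(s).
    ah_rulesets=$(plesk sbin modsecurity_ctl -L --enabled 2>/dev/null)
    check_stack "$ah_imunify" "$ah_fail2ban" "$ah_rulesets"
}

# Run against the live host only when asked (hypothetical --audit switch).
if [ "${1:-}" = "--audit" ]; then audit_host; fi
```

Run it as root with `--audit`; a non-zero exit status from `audit_host` means at least one conflict was reported.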
Comments
Thanks for this post. Is there any plan to make an auto-config for those users with Imunify360 which automatically disables any incompatible settings in modsecurity and fail2ban?
Thanks
MG
https://heimdallnordic.com
Hello @Marc Dahl,
Since Imunify360 is developed by CloudLinux, I would recommend addressing this question to them directly.
I believe they are aware of such behavior and may implement such a feature if it's popular.