Articles in this section

See more

How do ModSecurity + Fail2Ban + Imunify360 work together in a server with Plesk?

Avatar
Yaroslav Tarasov
Updated
Follow
Plesk for Linux kb: how-to ext: modsec ABT: Group B ext: Imunify

Applicable to:

  • Plesk for Linux

Question

How do ModSecurity + Fail2Ban + Imunify360 work together in a server with Plesk?

Answer

All three tools DO NOT work in synergy. Please choose one of the following options below that serves your needs the best and avoid installing any other (including 3rdparties that are not listed).

Compatible and safe to use:

  • ModSecurity+Fail2Ban:

    When ModSecurity is enabled a rule "plesk-modsecurity" is created at Plesk > Tools & Settings > IP Address Banning (Fail2Ban) > Jails.
    When ModSecurity is triggered for X times (defined in Fail2Ban settings) by a certain IP address this IP address is banned by Fail2Ban for Y seconds.

  • Imunify360 only:

    Imunify360 uses the same algorithm as ModSecurity: both work based on analyzing Apache requests.
    Imunify360 installs ModSecurity component with special Imunify360 ruleset. The ruleset can be checked via CLI:

    # plesk sbin modsecurity_ctl -L --enabled
    custom

Not compatible:

  • Imunify360+Fail2Ban:

    According to Imunify360 installation guide, Imunify360 is incompatible with Fail2Ban.
    If Imunify360 is being used, disable Fail2Ban at Plesk > Tools & Settings > IP Address Banning (Fail2Ban) > Settings tab.

  • Imunify360+ModSecurity with standard rulesets (e.g. OWASP and Comodo):

    It is strongly recommended to disable any other mod_security rulesets except Imunify360 ruleset (especially OWASP and Comodo). These rulesets can cause a large number of false positives and duplicate the Imunify360 ruleset. Consider using only Imunify360 ruleset to avoid such behavior. Please check the Imunify360 documentation for details: Hosting Panels Firewall Rulesets Specific Settings

Comments

2 comments

Sort by Date Votes
  • Avatar
    Marc Dahl

    Thanks for this post. Is there any plan to make a auto-config for those users with Immunify360 which automatic disables any incompatible settings in modsecurity and fail2ban?

    Thanks

    MG

    https://heimdallnordic.com 

    0
    Comment actions Permalink
  • Avatar
    Yaroslav Tarasov

    Hello @Marc Dahl,

    Since Imunify360 is developed by CloudLinux, I would recommend addressing this question to them directly. 

    I believe they are aware of such behavior and may implement such a feature if it's popular.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles