• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Local IP address blocked by feature fail2ban

T

Thomas Becker

Basic Pleskian
Hello,
there is a strange problem with the new feature fail2ban.
I have noticed that a local ip address (ip address from the webserver itself) was added to the blocked ip addresses of fail2ban now for the second time.
What I can see is that it was the recidive jail.

If there is nginx used as reverse proxy you get a "502 Bad Gateway".
Could you please tell me if there is a way to find out more about the reason why an ip address is added to the list of blocked ip addresses in fail2ban? Thanks.

Regards Thomas
 
Do you received any alert from Fail2Ban regarding the IP block ? If yes, please update here so that we can check why your IP is block on your server

And Fail2Ban is working with the iptables so iptables will not block your server Ip in iptables.

If you want to add any IP in allow list you can do it through Plesk >> Tools & Settings > IP Address Banning (Fail2Ban) > Trusted IP Addresses > Add Trusted IP.
 
Hello InderS,
in fail2ban log there I can find some entries like that:
fail2ban.actions[21339]: WARNING [plesk-apache] Ban xx.xx.xx.xx

Where xx.xx.xx.xx is the IP address of the hosting of the site where you get 502 while browsing on the website.

I manually added all local IP addresses to whitelist of fail2ban and this works.
But why is fail2ban banning the local IP? Can Nginx be the reason?

Maybe Plesk should add the local IPs automatically to the whitelist of fail2ban. But it should be better to find the reason for banning.

Regards Thomas
 
You must log in or register to reply here.

Similar threads

T
Issue Unbanning some IP addresses causes the server to be unresponsive
Replies
4
Views
1K
TurabG
T
Gianni
Question My IP in jail fail2ban using plesk
Replies
0
Views
456
Gianni
Gianni
andreios
Issue Fail2ban WordPress login detection doesn't work and fail2ban couldn't be configured trough Plesk
Replies
2
Views
976
andreios
andreios
majdi draouil
Question How to Block Direct IP Access and Ensure All Traffic Routes Through Cloudflare
Replies
1
Views
653
Raul A.
R
F
Issue Fail2ban: Ip addresses are not blocked by Recidive
Replies
14
Views
1K
frg62
F
Back
Top