• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question ModSecurity & Fail2Ban w/ Plesk Subscription behind proxy server

R

rowingpeter_s

New Pleskian
ModSecurity and Fail2Ban are working well, however, we have one plesk subscription that sits behind a separate proxy server so the Real-IP that is recorded in modsec_audit.log is the IP address of the proxy server. As a result, it is the proxy server [rather than requesting client] that is being banned when ModSecurity rules are triggered.

The ModSecurity log contains both

X-Real-IP: 31.3.246.xxx
X-Forwarded-For: 41.13.216.yyy

We really want to configure so requests are blocked when the "X-Forwarded-For: 41.13.216.yyy" header is present.

It looks as though this could be quite a simple adjustment to the default filters/jails that are provided with Plesk Onyx. Looking for help with how to achieve this.
 
This explains a generic approach very well but it would be great to know if there is a simpler / tried and tested way to apply within Plesk.

Fail2Ban Behind A Proxy/Load Balancer – Centos.Tips

I had thought that it wouldn't be possible as IPTables would only ban the IP address of the proxy. The CentOS article suggests with Packet Inspection we can look for an X-Forwarded-For header and the relevant IP address in the packet and then drop it.
 
You must log in or register to reply here.

Similar threads

D
Question Making a reverse proxy to a domain hosted in Plesk or cpanel with nginx
Replies
0
Views
720
davibigi
D
P
Question Getting X-Forwarded-For IP address from behind a nginx proxy server
Replies
4
Views
2K
philglau
P
S
Issue Plesk not showing correct IPs in error logs and is blocking cloudflare IPs in fail 2 ban resulting in server going down.
Replies
4
Views
1K
sulabhpuri
S
D
Issue Incorrect logging of IP from Plesk Windows under Reverse Proxy
Replies
7
Views
5K
dairuru
D
T
Question Plesk Odoo Nginx Reverse Proxy
Replies
4
Views
7K
Edinson
E
Back
Top