• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Plesk Firewall and mod_evasive (CLI control for firewall?)

J

JANSEO

New Pleskian
Dear Parallels Support,

I hereby want to inform if Plesk Firewall can be setup to work together with Apache mod_evasive.

I have a default CentOS6 + Plesk server and installed the Plesk firewall module. I have installed mod_evasive via YUM (EPEL repo).

The configuration of mod_evasive is as following:

Code: 
DOSHashTableSize    10240
DOSPageCount        10
DOSSiteCount        100
DOSPageInterval     1
DOSSiteInterval     1
DOSBlockingPeriod   5

DOSEmailNotify      x@x

# If this value is set, the system command specified will be executed
# whenever an IP address becomes blacklisted.  This is designed to enable
# system calls to ip filter or other tools.  A locking mechanism using /tmp
# prevents continuous system calls.  Use %s to denote the IP address of the
# blacklisted IP.
#DOSSystemCommand    "su - someuser -c '/sbin/... %s ...'"

DOSLogDir           "/log/mod_evasive"

I have used the included test.pl script on a different server to simulate a DDoS attack.

After a sertain amount of hits a 403 is returned, suggesting a mod_evasive block via iptables, but it lasts a second and the next 10+ hits are accepted again.

I have read in an internet post that the Plesk firewall resets iptables, so that mod_evasive rules are removed.

Is there a default configuration method to use Plesk firewall with mod_evasive? Or is there CLI to configure the firewall so that it can be setup via DOSSystemCommand?

Best Regards,
Jan
 
Last edited:
Firewall module in Plesk only (re)applies policy if you either 1) apply it manually via web interface or 2) on firewall service start (read: machine reboot). So it's highly unlikely it is interfering in your case.

Also this is not a support forum, but rather a community forum.
 
Nikolay. said:
Firewall module in Plesk only (re)applies policy if you either 1) apply it manually via web interface or 2) on firewall service start (read: machine reboot). So it's highly unlikely it is interfering in your case.

Also this is not a support forum, but rather a community forum.
Click to expand...

Dear Nikolay,

Thanks a lot for the reply and information.

Best Regards,
Jan
 
One website of me is in trouble.. all days user download content (images) from it with scripts.. cpu is very high and traffic too... attacker make 40.000 page requests in 2h per IP.
So I search for a solution to ban such bad visitors for x hours.

I found for this apache mod "mod_evasive" for this purpose, but its not working with plesk 11.5.30, because its reset the ban?

What can I do? Is here another mod that will working?
 
You must log in or register to reply here.

Similar threads

F
Question IPv4 forwarding rule
Replies
8
Views
381
alvarezcruz
alvarezcruz
S
Issue Cant activate the plesk firewall
Replies
5
Views
2K
martinez.marcias@gmai
M
P
Issue Certificate problem in Plesk
Replies
5
Views
1K
Raul A.
R
T
Question Using an external firewall to block Plesk ports
Replies
3
Views
2K
thinkjarvis
T
E
Issue DKIM email control not valid
Replies
2
Views
917
Erwan
E
Back
Top