• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question Why do firewall rule changes only work sometimes?

David Jimenez

David Jimenez

Basic Pleskian
I have the Plesk firewall and Fail2Ban running. I also monitor our server logs to see if a particular IP address rings up a bunch of 404 error trying to get into our server. When I find such an entry (meaning Fail2Ban didn't trigger due to small variations in the log in attempt), I enter the IP address in a simple rule I setup in the firewall that denies all access to that specific IP address.

The problem is that about 50% of the time, I get the following message from Plesk when trying to activate the rule change: Warning: The current configuration has not been activated. The system has been reverted to the previous configuration. This has occured because there were connection problems between your browser and the server. Most probably, the reason is that you have arranged the configuration so that connections from your computer to the server are prohibited.

This isn't a complicated rule and it isn't trying to deny access to everyone.

Any idea why I get this warning? If I wait awhile and try again, it will go through.
 
In my original setup, I only listed the source IP address and said to deny incoming. I did not include any information on ports. That was accepted just fine for the first couple of IP addresses. The problem started on the third entry. I just tried again, but added a range of tcp port numbers and it was happy. Not sure if this was a coincidence or if it is a requirement. If the latter, not sure why it worked the first couple of times.
 
I need some additional help. After setting up the firewall rule to deny incoming from 199.33.126.82 on TCP 1-10000, that IP address still gets through to the server. Can someone tell me what I did wrong so that I can stop this pest?
 
Update: I increased the port range to the maximum allowed by Plesk of 1-65000 for both TCP and UDP. I also changed the settings to only allow our corporate IP address on SSH. But 199.33.126.82 is still finding a way to get onto our server. Anyone have an idea of what to do to kill off this jerk?

Update 2: I changed the Apache settings to add the IP address to the deny list. Now he gets a 403 instead of a 404, but would still like to prevent him from getting to the site all together. I found a script using .htaccess using ReWrite, but I need to learn how to turn that function on in Apache and then restart Apache to make the script work.
 
Last edited:
Back to my original issue with updating Plesk firewall rules. I am now getting a different message when I add another IP address. Again, it worked yesterday during the day, but I started getting this last night and today:

Error: Could not activate firewall configuration:

safeact: safeact: I did not receive connectivity confirmation after applying new firewall configuration, then same happened after I reverted to previous configuration. This means that both new and previous configurations were bad. Emergency rollback to configuration without rules was performed. Firewall is now disabled. Fix your rules and try again.
 
You must log in or register to reply here.

Similar threads

F
Question IPv4 forwarding rule
Replies
8
Views
380
alvarezcruz
alvarezcruz
R
Question Disable FTP on single ip address
Replies
3
Views
321
Kaspar
K
S
Issue cannot connect to remote mysql form specific docker container
Replies
0
Views
485
stefanoostwegel
S
jola
Issue Firewall stops working
Replies
7
Views
938
Peter van der Kleij
P
S
Issue Need Help Whitelisting GTM Noscript in Comodo WAF Rule 214540 on Plesk
Replies
1
Views
325
alvarezcruz
alvarezcruz
Back
Top