• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Plesk Panel Log and Cloudflare - log doesn't show Real IP

K

Katog Choling

New Pleskian
Server operating system version
Ubuntu 22.04.3 LTS
Plesk version and microupdate number
Plesk Obsidian 18.0.55.0
Using Cloudflare (free tier), my plesk.log doesn't show the real IP address. I've successfully configured the real IP logging for Nginx and Apache using the information here, which is working fine for the nginx and apache logs etc. However, it doesn't seem to have any effect on the plesk.log which only shows the Cloudflare IP.

The reason this is a problem is that a nefarious source is attempting to log into the panel every 11 minutes and I'd like to block the IP - but it's only showing the Cloudflare address:

panel.log
Code: 
...
[2023-09-06 14:58:59.533] 73515:64f893b382232 ERR [panel] Somebody tries to use the secret key for API RPC "36" from "162.158.38.254"
[2023-09-06 14:58:59.563] 73515:64f893b382232 ERR [extension/rest-api] [Action Log] Failed login attempt with login '<invalid>' from IP 162.158.38.254
[2023-09-06 15:09:56.988] 73655:64f89644f1287 ERR [panel] Somebody tries to use the secret key for API RPC "36" from "162.158.230.2"
[2023-09-06 15:09:57.024] 73655:64f89644f1287 ERR [extension/rest-api] [Action Log] Failed login attempt with login '<invalid>' from IP 162.158.230.2
[2023-09-06 15:20:51.101] 73845:64f898d318924 ERR [panel] Somebody tries to use the secret key for API RPC "36" from "162.158.38.254"
[2023-09-06 15:20:51.129] 73845:64f898d318924 ERR [extension/rest-api] [Action Log] Failed login attempt with login '<invalid>' from IP 162.158.38.254
[2023-09-06 15:31:36.396] 74038:64f89b5860b89 ERR [panel] Somebody tries to use the secret key for API RPC "36" from "162.158.38.254"
[2023-09-06 15:31:36.430] 74038:64f89b5860b89 ERR [extension/rest-api] [Action Log] Failed login attempt with login '<invalid>' from IP 162.158.38.254

Is there a way to get the plesk.log to record the real IP?
Is there another way to find the real IP?
How can I block this?
 
Yes, I'm aware that the Cloudflare proxy rewrites the origin IP address and specifies the client's IP address in an additional HTTP header. How do I configure Plesk so that the Plesk panel.log records the origin address - just like we can do for the apache and nginx logs?
 
In the panel.ini file I see entries for:

[panel]realIpFrom127.0.0.1
[panel]realIpHeaderX-Forwarded-For
[log]show.sourcefalse

Could changing any of these help? Or some other setting in the panel.ini file?
 
As currently sw-cp-server does not include realip module, use one of the solutions below:
  1. Use a custom domain name (or a hostname) with a 443 port for Plesk access: Administrator's Guide: Customizing Plesk URL.
    In this case, the frontend nginx that includes realip module handles the request. The official solution provided by Cloudflare may be used in this case: Couldflare: Restoring original visitor IPs
  2. Use a custom domain name or a subdomain, for example, https://plesk.hostname without Cloudflare as the entry point to Plesk. In this case, there will be no CDN in front of Plesk.
  3. Configure Plesk to trust Cloudflare.
    Currently, there is a [restriction when Plesk does not allow IP ranges in the configuration. Such behavior is known as the Plesk bug with ID #PPP-52375, which is planned to be fixed in future Plesk updates.
    However, it is possible to use some particular IP addresses. The lines like the below may be added to the panel.ini file. Add them using the Panel.ini Editor extension or by modifying the /usr/local/psa/admin/conf/panel.ini directly on the server:
    [panel]
    realIpFrom = 127.0.0.1, <CloudflareIP1>, <CloudflareIP2>
 
You must log in or register to reply here.

Similar threads

H
Question MariaDB doesn't start after upgrade
Replies
3
Views
770
Kaspar@Plesk
Kaspar@Plesk
A
Resolved 500 Plesk\Exception\Database
Replies
1
Views
487
ayadai
A
Lenny
Resolved Seeking Assistance with API Communication Issues via SSL on Plesk
Replies
4
Views
2K
Lenny
Lenny
E
Question Unable to log in to Plesk via SSH.
Replies
5
Views
2K
Peter Debik
P
kaw.one
Question (VPS) Cloudflare, Gmail and Other Plesk Panel 8443 (2 minutes - slow read)
Replies
1
Views
1K
kaw.one
kaw.one
Back
Top