• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Block specific countries through Plesk

othmaqsa

Regular Pleskian
Server operating system version
Ubuntu 20.04.6 LTS
Plesk version and microupdate number
Version 18.0.51
Hello,

I want to block few countries through Plesk via ModSec. I have read the documentation in this url: https://support.plesk.com/hc/en-us/articles/12377285410839

If I apply the Workaround 2, the Website hosted in the server will be unavailable in the blocked countries, right ?

Thank you.
 
The database is only a collection of IP addresses and their association with a country code. This is an independent database. The data from the database is applied to a ModSecurity rule. Where the rule applies depends on the ModSecurity version you are using. When you want ModSecurity to work with Nginx, you will need version 3.0, for Apache you need to select version 2.9. This does not depend on the geoip database.
 
The database is only a collection of IP addresses and their association with a country code. This is an independent database. The data from the database is applied to a ModSecurity rule. Where the rule applies depends on the ModSecurity version you are using. When you want ModSecurity to work with Nginx, you will need version 3.0, for Apache you need to select version 2.9. This does not depend on the geoip database.
Got it.

I use already ModSec 3.0 + Nginx + OWASP.

I'll try this night to install Geo2ip lite database and configure it with ModSec.

Thanks.
 
Hello @Peter Debik ,

When I try to save the custom directives in ModSec, this error occur:

Invalid ModSecurity configuration: nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /etc/nginx/modsecurity.d/main.conf. Line: 6. Column: 44. Expecting an action, got: Include /etc/nginx/modsecurity.d/rules.conf in /etc/nginx/conf.d/modsecurity.conf:6 nginx: configuration file /etc/nginx/nginx.conf test failed

Any idea please ?
 
Well, you'll need to check what is in line 6, column 44 or right before or right behind that.
 
@Peter Debik , I have checked this file /etc/nginx/modsecurity.d/main.conf but I see nothing in Line 6
 

Attachments

  • Screenshot from 2023-04-04 11-03-57.png
    Screenshot from 2023-04-04 11-03-57.png
    27.7 KB · Views: 19
@Peter Debik , I have tried again, I can't save this Custom directives in ModSecurity.

I use Nginx + ModSec 3.0 + OWASP . Maybe this Workaround II work only for Apache ?
 

Attachments

  • Screenshot from 2023-04-04 12-21-56.png
    Screenshot from 2023-04-04 12-21-56.png
    74.1 KB · Views: 11
For the files I think the include is seen expanded, so you'd need to investigate further down in the included files. Regarding Nginx ModSecurity 3.0: This can be considered experimental. I am not sure if it indeed works with the rules. I think it should, but have not tested it.

Plesk is in the process or creating a general geo IP blocking feature, so maybe, if you want to save some time and it is not too urgent for you, it will be an option to just wait on that feature to be released. It is planned for 2023 and it is already being worked on.
 
For the files I think the include is seen expanded, so you'd need to investigate further down in the included files. Regarding Nginx ModSecurity 3.0: This can be considered experimental. I am not sure if it indeed works with the rules. I think it should, but have not tested it.

Plesk is in the process or creating a general geo IP blocking feature, so maybe, if you want to save some time and it is not too urgent for you, it will be an option to just wait on that feature to be released. It is planned for 2023 and it is already being worked on.
Okay, I'll wait so.

Do I need to uninstall Geo2ip lite database PACKAGE or I can keep it ?
 
That's merely unpacked files, not a system service. So it should not matter whether they are there or not unless they are addressed by any software. If there is no software that uses them, they can be removed.
 
For the files I think the include is seen expanded, so you'd need to investigate further down in the included files. Regarding Nginx ModSecurity 3.0: This can be considered experimental. I am not sure if it indeed works with the rules. I think it should, but have not tested it.

Plesk is in the process or creating a general geo IP blocking feature, so maybe, if you want to save some time and it is not too urgent for you, it will be an option to just wait on that feature to be released. It is planned for 2023 and it is already being worked on.
Hello @Peter Debik ,

Sincerely, it's urgent now. I receive a lot of fake comments each day from a lot of IPs based in Russia/ China.

If I solve this, no bad bots from Russia and China can access to my site.

Can you confirm in the last post that the documentation apply for Plesk Obsidian ?
 
Yes, it applies to Plesk Obsidian.
Got it.

I have successfully configured this in my server. All work as expected.

If I want to combine multiple ISO CODE (Countries) in 1 function, is it possible ? I have tried with , and space, but it doesn't work.

Code:
if ($geoip2_data_country_code = "XX") {
        return 403;
}
 
Apparently, i must run a weekly update for geoipupdate, so I need to create a cron tab.

This cron tab below is correct ?

Code:
# top of crontab

[email protected]

0 12 * * 3 geoipupdate

# end of crontab
 
If I want to combine multiple ISO CODE (Countries) in 1 function, is it possible ? I have tried with , and space, but it doesn't work.
Nginx does not support logical "or". Your best bet is to let the first if-section follow by another for the other country code. But: Nginx has issues with "if" in general, so it could lead to crashes. If is Evil… when used in location context | NGINX

I think the cron entry is correct, but maybe you need to add the full path to geoipupdate.
 
Back
Top