Resolved Can Plesk block a specific incoming IP address?

[David Jimenez]

I run our domain through Cloudflare and have it setup with no DNS wildcards. So, only our domain.com and www.domain.com have A records. Today we have seen a few hundred attempts by a single IP address out of China to hit our server asking for a file that doesn't exist (wpad.dat).

I have blocked that IP address at the Cloudflare firewall, but it keeps making it through to our server. Cloudflare says that the IP address isn't showing up in their logs so they have found a way to get directly to our server. I didn't think that was possible, but now I need to find a way to block them directly at the server.

Is this possible with Plesk? I don't see a security setting that allows me to enter an IP address as such.

Thanks

 

[UFHH01]

Hi David Jimenez,

you are able to use the "Plesk Firewall" for your goal, or you should consider to use Fail2ban.

=> The Plesk Firewall (Linux)

=> Protection Against Brute Force Attacks (Fail2Ban)

 

[David Jimenez]

Thank you for that information, but the article on Plesk Firewall doesn't match what I have in my Plesk Tools & Settings. Under Security, all I have is:

• Security Policy
• SSL Certificates
• Restrict Creation of Subzones
• Additional Administrator Accounts
• Active Plesk Sessions
• Active FTP Sessions
• Session Idle Time
• Restrict Administrative Access
• Prohibited Domain Names

There is no direct mention of Firewall as best as I can tell. Maybe I am missing something?

 

[UFHH01]

Hi David Jimenez,

in order to be able to see the ( additional ) extension in "Tools & Settings", you certainly have to install it first ( "HOME > Updates and Upgrades" ) .

​

or consider to install it over the command line ( as user "root" ):

plesk installer --select-product-id plesk --select-release-current --install-component psa-firewall

 

[David Jimenez]

So, just to make sure I got this right. I was able to do the install of the firewall. Now, I want to ONLY allow incoming traffic to our web site from Cloudflare IP address. So, I modified the WWW Server setting to:

Allow incoming from 103.21.244.0/22, 103.22.200.0/22, 103.31.4.0/22, 104.16.0.0/12, 108.162.192.0/18, 131.0.72.0/22, 141.101.64.0/18, 162.158.0.0/15, 172.64.0.0/13, 173.245.48.0/20, 188.114.96.0/20, 190.93.240.0/20, 197.234.240.0/22, 198.41.128.0/17, 199.27.128.0/21, 2400:cb00::/32, 2405:8100::/32, 2405:b500::/32, 2606:4700::/32, 2803:f800::/32, 2a06:98c0::/29, 2c0f:f248::/32

Just want to make sure that I put this in the right category.

 

[UFHH01]

Hi David Jimenez,

I hope for you, that you never want to update/upgrade/patch your server, or use mail - related services, because if you completely block other traffic, but the ones you defined, you will experience issues on your server ( just inspect the corresponding log - files, pls. ).

 

[David Jimenez]

Mail is on another box, so that isn't an issue. Problem is Plesk won't accept those changes. I keep getting the following message:

Warning: The current configuration has not been activated. The system has been reverted to the previous configuration. This has occured because there were connection problems between your browser and the server. Most probably, the reason is that you have arranged the configuration so that connections from your computer to the server are prohibited.