• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Question DokuWiki gets my banned from my Plesk server

V

vic666

New Pleskian
I could observe many times in the last few weeks that everytime I click around a bit more enthusiastically in DokuWiki, a private Wiki I have set up as a subdomain in Plesk, there comes a point when the page won't load anymore and I can't reach any website anymore hosted on my Plesk server.

Apparently, what happens is that I get banned. So I ssh into the server, turn off fail2ban, and everything works again.

Any idea why this is happening? Is this a matter of setting up fail2ban differently or is this an issue with DokuWiki?
 
Just some additional info: I see a couple of these messages

2020-12-06 19:03:18,124 fail2ban.filter [418]: INFO [plesk-apache] Found 185.72.69.130 - 2020-12-06 19:03:18

Before I get

2020-12-06 19:03:18,263 fail2ban.filter [418]: INFO [recidive] Found 185.72.69.130

And yes, 185.72.69.130 is the IP adress of the computer from which I'm accessing the Wiki and Plesk, respectively.
 
Look into your error_log if you find any "client denied by server configuration" entries. These would point to some files or directories that are protected through a web server rule (e.g. a rule in .htaccess). If such resources are frequently requested, it will trigger the Apache jail.
 
Hi Peter, thanks for replying so quickly. I ran grep -r -i "client denied" * within /var/log with no result. Furthermore, I checked the following log files manually:

/var/log/sw-sp-server/error_log
/var/log/apache2/error.log
/var/log/ngingx/error.log
/var/log/plesk-php75-fm/error.log

None of these log contain any entries at all at or around the time when this happened. The entries that are there are from before and don't seem at all relevant.
 
These are probably the wrong logs. Look into the logs directory in the subscription that descend from /var/www/vhosts/<subscription>/logs.
 
Hi Peter,

Thanks for the hint. Since I was thrown out by the entire web server, I didn't think to look in the vhost logs. And sure enough, there are plenty of those client denied messages. Here just the most recent entries before another ban:

Code: 
logs/wiki.example.com/error_log:[Sun Dec 06 19:31:14.725055 2020] [authz_core:error] [pid 25869:tid 139756147042048] [client 185.72.69.130:34262] AH01630: client denied by server configuration: /var/www/vhosts/example.com/wiki.example.com/data/dont-panic-if-you-see-this-in-your-logs-it-means-your-directory-permissions-are-correct.png, referer: https://wiki.example.com/doku.php?id=group:km-erpsoft-viewer:sidebar&do=admin
logs/wiki.example.com/error_log:[Mon Dec 07 15:34:46.800374 2020] [authz_core:error] [pid 19799:tid 139756524517120] [client 188.154.92.172:43928] AH01630: client denied by server configuration: /var/www/vhosts/example.com/wiki.example.com/data/dont-panic-if-you-see-this-in-your-logs-it-means-your-directory-permissions-are-correct.png, referer: https://wiki.example.com/doku.php?id=start&do=admin
logs/wiki.example.com/error_log:[Mon Dec 07 15:36:29.617935 2020] [authz_core:error] [pid 19799:tid 139756524517120] [client 188.154.92.172:44226] AH01630: client denied by server configuration: /var/www/vhosts/example.com/wiki.example.com/data/dont-panic-if-you-see-this-in-your-logs-it-means-your-directory-permissions-are-correct.png, referer: https://wiki.example.com/doku.php?id=start&do=admin
logs/wiki.example.com/error_log:[Mon Dec 07 18:31:55.617115 2020] [authz_core:error] [pid 19799:tid 139756541302528] [client 84.254.95.98:50662] AH01630: client denied by server configuration: /var/www/vhosts/example.com/wiki.example.com/data/dont-panic-if-you-see-this-in-your-logs-it-means-your-directory-permissions-are-correct.png, referer: https://wiki.example.com/doku.php?id=start&do=admin
logs/wiki.example.com/error_log:[Mon Dec 07 18:37:27.336370 2020] [authz_core:error] [pid 19798:tid 139756675520256] [client 84.254.95.98:51174] AH01630: client denied by server configuration: /var/www/vhosts/example.com/wiki.example.com/data/dont-panic-if-you-see-this-in-your-logs-it-means-your-directory-permissions-are-correct.png, referer: https://wiki.example.com/doku.php?id=group:km-erpsoft-viewer:sidebar&do=admin

The IP address starting with 84 is mine and clearly got blocked. If the message in the PNG filename is to be believed, it seems that all is set up correctly, though.

Thoughts?
 
You must log in or register to reply here.

Similar threads

L
Question Fail2ban ignorecommand
Replies
5
Views
640
Peter Debik
P
carlsson
Issue Really strange problem – I can't use my SMTP server intermittently
Replies
2
Views
251
carlsson
carlsson
J
Issue Default plesk-apache-badbot fail2ban doesn't work
Replies
14
Views
656
pleskpanel
P
H
Question Migrating from Centminmod to Plesk Obsidian on a Dedicated Hetzner Server
Replies
1
Views
152
Kaspar
K
M
Issue My plesk server is completely down
Replies
6
Views
1K
Kaspar@Plesk
Kaspar@Plesk
Back
Top