Resolved Fail2Ban blocks local host IP despite whitelisted

[Bitpalast]

Plesk 12.5.30 #48, CentOS 7.2

The Wordpress jail has blocked the public IPv4 of the local host, although it is whitelisted in the "trusted addresses" section.

The same is happening with the Apache jail. It is also blocking a whitelisted public IPv4 address.

Its the first time that this occurs on our systems. Unblocking works, but as Nginx forwards continue to Apache, fail2ban blocks again. It seems as if it ignores the whitelist.

 

[Bitpalast]

Adding the IP to /etc/fail2ban/jail.conf into ignoreip variable and restarting fail2ban does not solve the issue.

 

[Bitpalast]

It seems that the script example provided in https://kb.plesk.com/en/122407 is missing a very important point: The script example adds an "ignoreip" instruction to the /etc/fail2ban/jail.local file. However, this instruction overrides the default whitelist. Plesk only edits the default whitelist when changes are made in the GUI whitelist function of fail2ban, but it does not add the IPs to the individual jail's ignoreip command. That seems to cause the issue that Apache and Wordpress jails ban the public IPv4 address of the host although it is listed in the whitelist. It is listed in the default whitelist, but it is not listed in the jails' whitelists.

So either the script examples in https://kb.plesk.com/en/122407 should be updated with a hint that besides the localhost IP the public IPv4 of the server should be added, or the "ignoreip" command should be omitted from the examples in general.