• Hi, Pleskians! We are running a UX testing of our upcoming product intended for server management and monitoring.
    We would like to invite you to have a call with us and have some fun checking our prototype. The agenda is pretty simple - we bring new design and some scenarios that you need to walk through and succeed. We will be watching and taking insights for further development of the design.
    If you would like to participate, please use this link to book a meeting. We will sent the link to the clickable prototype at the meeting.
  • (Plesk for Windows):
    MySQL Connector/ODBC 3.51, 5.1, and 5.3 are no longer shipped with Plesk because they have reached end of life. MariaDB Connector/ODBC 64-bit 3.2.4 is now used instead.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Issue How to properly configure Fail2Ban for ModSecurity in Plesk with NGINX?

Kulturmensch

Kulturmensch

Regular Pleskian
Server operating system version
Ubuntu 22.04.5 LTS
Plesk version and microupdate number
Plesk Obsidian 18.0.67 Update #3
Hello everyone,

I have successfully installed ModSecurity with NGINX on my Plesk server. Now, I want to use Fail2Ban to permanently block IPs of attackers that ModSecurity identifies.

However, after installation, I noticed that the configuration files for ModSecurity were missing in Fail2Ban. Additionally, the plesk-modsecurity service could not be activated.

Could someone provide the original content of the Plesk Fail2Ban configuration files for ModSecurity? I would like to restore them and ensure they work correctly with my NGINX setup.

Thanks in advance!
 
Jail
Code: 
[plesk-modsecurity]
enabled = true
filter = plesk-modsecurity
action = iptables-multiport[name="plesk-modsecurity", port="80,443,7080,7081", protocol="tcp,udp"]
logpath = /var/log/modsec_audit.log
maxretry = 4

Filter
Code: 
[Definition]
failregex = ^(?:\[.*?\]\s\S*)\s<HOST>\s
ignoreregex = ^\[.*?\]\s\S*\s<HOST>\s.*\s\1
    collection_store
    collections_remove_stale
 
Thank you for your quick response! Unfortunately, Fail2Ban didn’t work because it couldn’t find any IPs in the ModSecurity audit log files, and ModSecurity itself stopped logging unexpectedly. As a result, I had to remove it again. Additionally, switching from the selected Apache rule set (2.9) to my proxy NGINX rule set (3.0) didn’t work either. I’ll give ModSecurity another try once it proves to be more stable in my environment.
 
You must log in or register to reply here.

Similar threads

Kulturmensch
Issue Modsecurity works with Apache but error with nginx
Replies
5
Views
805
Raul A.
R
I
Issue Modsecurity stops working every night
Replies
13
Views
6K
ivanes82
I
Kulturmensch
Resolved ModSecurity configuration files and directives remain on the server after its removal
Replies
5
Views
2K
Sebahat.hadzhi
Sebahat.hadzhi
T
Issue ModSecurity and bad gateway 500 nginx
Replies
3
Views
747
tomaszt
T
ic3_2k
Issue Problem with Modsecurity 2.9. Error: Could not set variable "ip.brute_force_counter" and Could not set variable "ip.xmlrpc_counter" as the collection
Replies
1
Views
802
Peter Debik
P
Back
Top