Local IP address blocked by feature fail2ban

[Thomas Becker]

Hello,
there is a strange problem with the new feature fail2ban.
I have noticed that a local ip address (ip address from the webserver itself) was added to the blocked ip addresses of fail2ban now for the second time.
What I can see is that it was the recidive jail.

If there is nginx used as reverse proxy you get a "502 Bad Gateway".
Could you please tell me if there is a way to find out more about the reason why an ip address is added to the list of blocked ip addresses in fail2ban? Thanks.

Regards Thomas

 

[InderS]

Do you received any alert from Fail2Ban regarding the IP block ? If yes, please update here so that we can check why your IP is block on your server

And Fail2Ban is working with the iptables so iptables will not block your server Ip in iptables.

If you want to add any IP in allow list you can do it through Plesk >> Tools & Settings > IP Address Banning (Fail2Ban) > Trusted IP Addresses > Add Trusted IP.

 

[Thomas Becker]

Hello InderS,
in fail2ban log there I can find some entries like that:
fail2ban.actions[21339]: WARNING [plesk-apache] Ban xx.xx.xx.xx

Where xx.xx.xx.xx is the IP address of the hosting of the site where you get 502 while browsing on the website.

I manually added all local IP addresses to whitelist of fail2ban and this works.
But why is fail2ban banning the local IP? Can Nginx be the reason?

Maybe Plesk should add the local IPs automatically to the whitelist of fail2ban. But it should be better to find the reason for banning.

Regards Thomas