
Question ModSecurity & Fail2Ban w/ Plesk Subscription behind proxy server

rowingpeter_s

New Pleskian
ModSecurity and Fail2Ban are working well; however, we have one Plesk subscription that sits behind a separate proxy server, so the Real-IP that is recorded in modsec_audit.log is the IP address of the proxy server. As a result, it is the proxy server [rather than the requesting client] that is being banned when ModSecurity rules are triggered.

The ModSecurity log contains both

X-Real-IP: 31.3.246.xxx
X-Forwarded-For: 41.13.216.yyy

We really want to configure so requests are blocked when the "X-Forwarded-For: 41.13.216.yyy" header is present.

It looks as though this could be quite a simple adjustment to the default filters/jails that are provided with Plesk Onyx. Looking for help with how to achieve this.
 
This explains a generic approach very well but it would be great to know if there is a simpler / tried and tested way to apply within Plesk.

Fail2Ban Behind A Proxy/Load Balancer – Centos.Tips

I had thought that it wouldn't be possible, as IPTables would only ban the IP address of the proxy. The CentOS article suggests that with Packet Inspection we can look for an X-Forwarded-For header and the relevant IP address in the packet and then drop it.
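An added example (not part of the original post and not Plesk's or Fail2Ban's own code) of choosing which address to ban from a ModSecurity serial audit log when a proxy sits in front of the site: X-Forwarded-For is honoured only when the connecting peer is the known proxy, and the proxy itself is never returned. The proxy address 192.0.2.10, the function names and the sample entries are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: the proxy's address; every other peer is treated as untrusted.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]
BOUNDARY = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--$")

def trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)

def client_ip(peer, xff):
    """Address to ban, or None when only the proxy itself is identifiable."""
    if not trusted(ipaddress.ip_address(peer)):
        return peer                      # direct request: ignore its XFF header
    # Walk right to left: the rightmost entries were appended by our proxies.
    for hop in reversed((xff or "").split(",")):
        try:
            ip = ipaddress.ip_address(hop.strip())
        except ValueError:
            return None                  # missing or malformed header
        if not trusted(ip):
            return str(ip)
    return None

def offenders(audit_log):
    """Return [(transaction id, ip)] for transactions where a rule matched."""
    out, sect, tx = [], None, {}
    for line in audit_log.splitlines():
        m = BOUNDARY.match(line)
        if m:
            sect = m.group(2)
            if sect == "A":              # new transaction starts
                tx = {"id": m.group(1), "peer": None, "xff": None, "hit": False}
            elif sect == "Z" and tx.get("hit") and tx["peer"]:
                out.append((tx["id"], client_ip(tx["peer"], tx["xff"])))
        elif sect == "A" and line.startswith("["):
            tx["peer"] = line.split("] ", 1)[1].split()[1]   # source IP field
        elif sect == "B" and line.lower().startswith("x-forwarded-for:"):
            tx["xff"] = line.split(":", 1)[1]
        elif sect == "H" and line.startswith("Message:"):
            tx["hit"] = True             # at least one rule matched
    return [(txid, ip) for txid, ip in out if ip]

# Builds one constructed audit-log entry (documentation address ranges).
def sample_tx(txid, peer, xff):
    return (f"--{txid}-A--\n[09/Jan/2018:10:00:00 +0000] uid {peer} 40000 10.0.0.5 443\n"
            f"--{txid}-B--\nGET / HTTP/1.1\nX-Forwarded-For: {xff}\n"
            f"--{txid}-H--\nMessage: Access denied (constructed)\n--{txid}-Z--\n")
```

A firewall rule on the origin server only sees the proxy's address, so bans on the addresses returned here have to be enforced at the proxy or by matching the header, as the linked article describes.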
 