Resolved Plesk 12.5.30 + CentOs7 + Fail2Ban jail "recidive" = 502 Bad Gateway nginx

Antonio Volpe

New Pleskian
After the last update # 41 the jail "recidive" generates the error "502 Bad Gateway nginx" blocking access to websites. To allow access to sites I had to disable the jail. Have you any suggestions to reactivate it without incurring the error 502?
 
Hi Antonio Volpe,

such issues can appear, when your website coding is inadequate and leads to missing images, non-existent links and so on.
But to inform you, it is NOT the "recidive" jail, which is blocking IPs for "bad behaviour" of your visitor - it's for example the jail "apache-nohome.conf", with failregex - expressions, as for example:
Code:
...
failregex = ^%(_apache_error_client)s (AH00128: )?File does not exist: .*/~.*

ignoreregex =
...
Example:
Let's assume that you coded your website to serve "favicon" with the URL "https://www.YOUR-DOMAIN.COM/favicon.ico", but your icon does not exist at this URL. Then visitors will get punished for this inadequate coding, because YOU directed them with your website code to ask for an icon at the above path, but each time your visitor requests the file, your webserver doesn't serve the icon and answers "File does not exist" ( Pls. see your domain-specific log files for such issues/problems/errors - so you can correct your inadequate coding! ).
As you can see, Fail2Ban doesn't do anything wrong here, it just bans IPs with the filters that YOU define. ;) The "recidive" jail just bans "returning" IPs, so when Fail2Ban recognizes a returning IP, which gets banned again and again, then it will ban this specific IP for a longer time now ( as defined in your jail! ). The "recidive" jail monitors your "fail2ban.log" and not any webserver log files. ;)
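
To find out which jail's bans are actually feeding "recidive", the Ban lines in "fail2ban.log" can be tallied per IP and per jail. This is an added example, not part of the original post and not Fail2Ban's own code; the log line layout, the sample lines, the function name and the maxretry/findtime values are assumptions to replace with the values from your own jail.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed fail2ban.log excerpt (0.9-style line layout assumed; documentation IPs).
SAMPLE_LOG = """\
2016-03-10 09:00:01,100 fail2ban.actions [811]: NOTICE [apache-nohome] Ban 203.0.113.5
2016-03-10 09:10:01,100 fail2ban.actions [811]: NOTICE [apache-nohome] Unban 203.0.113.5
2016-03-10 11:30:44,512 fail2ban.actions [811]: NOTICE [apache-nohome] Ban 203.0.113.5
2016-03-10 12:02:10,007 fail2ban.actions [811]: NOTICE [plesk-apache] Ban 198.51.100.7
2016-03-10 15:45:09,230 fail2ban.actions [811]: NOTICE [apache-nohome] Ban 203.0.113.5
2016-03-10 15:45:10,001 fail2ban.actions [811]: NOTICE [recidive] Ban 203.0.113.5
2016-03-12 08:00:00,000 fail2ban.actions [811]: NOTICE [plesk-apache] Ban 198.51.100.7
"""

# Matches only "Ban" action lines; "Unban" lines do not match.
BAN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+\s+fail2ban\.actions\s*"
    r"\[\d+\]:\s+NOTICE\s+\[(?P<jail>[^\]]+)\]\s+Ban\s+(?P<ip>\S+)\s*$"
)

def recidive_sources(log_text, maxretry=3, findtime=timedelta(days=1),
                     own_jail="recidive"):
    """Return {ip: {jail: bans}} for IPs banned >= maxretry times within findtime.

    maxretry and findtime are assumed values, not read from any jail config.
    """
    bans = defaultdict(list)  # ip -> [(timestamp, jail), ...]
    for line in log_text.splitlines():
        m = BAN_RE.match(line)
        if not m or m.group("jail") == own_jail:
            continue  # skip non-Ban lines and the recidive jail's own bans
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        bans[m.group("ip")].append((ts, m.group("jail")))
    flagged = {}
    for ip, events in bans.items():
        events.sort()
        for start, _ in events:
            # Jails that banned this IP inside the window opening at 'start'.
            window = [jail for ts, jail in events if start <= ts <= start + findtime]
            if len(window) >= maxretry:
                flagged[ip] = dict(Counter(window))
                break
    return flagged

if __name__ == "__main__":
    for ip, jails in recidive_sources(SAMPLE_LOG).items():
        print(ip, jails)
```

The jail names in the result show which filter to review or disable, rather than switching off "recidive" itself.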
 
Hello UFHH01,

sorry for dropping in, but after reading your answer I got concerned about something like this happening to me as well, so I've looked at my ip2ban jails and filters and I didn't find a rule like the one you cited (btw, I have updated to #41 too before checking).

To be honest I think it would be an abomination to ban anybody for triggering "404"s (unless we are talking about hundreds of them by the second).

Can you please confirm that such a rule does not exist in Plesk standard configuration?

TIA, Sergio.
 
Can you please confirm that such a rule does not exist in Plesk standard configuration?
Sure... this is absolutely "confirmed".

I just wanted to describe, what the root cause of this issue might be, so I pointed out a jail from the official Fail2Ban github repo: https://github.com/fail2ban/fail2ban/blob/0.10/config/filter.d/apache-nohome.conf
Often enough, people activate all existent jails ( even those which are not inspected! ) and find themselves in situations as described.

Plesk standard jails are named with "plesk-" at "/etc/fail2ban/filter.d".
 
Hi UFHH01,
First of all, thank you for the answer. I just want to point out that the jail "recidive" gives the error 502 not only on sites that have no picture but also on an empty index.html:
<html>
<head>
<title>Untitled</title>
</head>
<body></body>
</html>
or on the placeholder pages of Plesk.
However, I am comforted to know that the jails I have to be careful with are named with "plesk-".
Thanks!
 