Issue Plesk Internal Monitoring & 360 Showing False 403s

[IanJSaul]

Server operating system version

Ubuntu 20.04.4 LTS

Plesk version and microupdate number

Version 18.0.45 Update #2, last updated on Aug 14, 2022 07:07 AM

Aloha!

I've got an odd issue occurring with just 2 of ten nearly identical sites, they show as offline in monitoring, but are fully accessible and operating correctly.

All use DNS through Cloudflare, with Strict SSL/Origin CAs.

All sites have identical cache settings and optimizations.

They have been showing offline for over 24 hours, not short outage notifications by any means.

Nothing is jumping out at me in the logs, however, or I'm not looking in the correct areas.

Thanks for attention and assistance.

 

[Kaspar]

Just be sure I understand the issue correctly; you're websites are working fine but Plesk monitoring shows them being offline with 403 errors?

 

[Adam Makowski]

Cloudflare block 360 monitoring bots. Please Disable Bot fight mode in Cloudflare. I reported this bug to Plesk team.

 

[IanJSaul]

Yes, that's correct.

I've experimented with disabling the "Always Online" feature from Cloudflare to see if this was masking an issue, and there is no impact.

There is one other site that is occasionally showing "503 - Unavailable", and it is fully accessible as well.

Only the monitoring of the sites seems to be where issues exist.

Since posting this query, I've whitelisted all Cloudflare IPs in modsecurity and ipban.

I see a new recommendation from @myft above, and I'll try disabling bot fight mode now.

Thanks!

 

[Adam Makowski]

I disabled Bot Fight Mode and monitoring work good.

 

[IanJSaul]

Ok, so this issue is still ongoing for some of the sites, and not others.

Enabling "Bot Fight Mode" will result in a "503 Unavailable" report in monitoring.

The "403 Forbidden" doesn't appear to be impacted by flipping bot mode on or off.

Anyone else experiencing similar issues?

 

[Adam Makowski]

Web Application Firewall modsecurity you use? try to turn it off, I also had this problem

 

[afuego]

Ok, so this issue is still ongoing for some of the sites, and not others.

Enabling "Bot Fight Mode" will result in a "503 Unavailable" report in monitoring.

The "403 Forbidden" doesn't appear to be impacted by flipping bot mode on or off.

Anyone else experiencing similar issues?

Yes, I experienced this issue with Bot Fight Mode off. After whitelisting all Monitoring360 ip addresses I need one more step, to go to Advanced Settings in Monitoring360 and change IP version to ipv4. When using Cloudflare your ip may be ipv6 and cause some confusion. (Thanks to Pablo from Plesk Support to assist me with this)



Here is a python script to easy the pain of whitelisting all the Monitoring360 ip addresses.

import requests

# Cloudflare API details
api_token = 'cloudflare_api_token'  # Your actual token
zone_id = 'cloudflare_zone_id'  # Your actual zone ID

# IP addresses to whitelist
ip_addresses = [
    "104.238.152.43", "108.61.241.142", "116.202.19.127", "116.202.19.155",
    "116.203.118.7", "116.203.132.27", "116.203.198.39", "116.203.233.120",
    "116.203.239.26", "116.203.34.150", "116.203.51.60", "116.203.78.154",
    "116.203.83.180", "128.140.106.217", "128.140.113.7", "128.140.114.147",
    "135.181.47.119", "135.181.47.53", "135.181.85.71", "136.244.99.211",
    "142.132.225.96", "149.248.51.165", "149.28.168.226", "149.28.70.57",
    "154.38.188.63", "154.38.188.70", "154.38.188.71", "155.133.7.189",
    "155.133.7.190", "155.133.7.191", "162.55.37.127", "167.235.31.59",
    "167.235.31.61", "167.235.50.149", "168.119.98.26", "188.138.88.128",
    "195.201.114.80", "195.201.33.39", "207.148.11.143", "209.126.105.183",
    "213.32.156.56", "216.238.105.167", "216.238.73.19", "217.172.182.99",
    "23.88.103.18", "23.88.127.150", "23.88.37.51", "23.88.44.194",
    "31.220.100.234", "31.220.100.243", "31.220.101.1", "31.220.101.4",
    "31.220.103.140", "31.220.103.141", "31.220.103.142", "31.220.103.143",
    "31.220.103.144", "31.220.103.145", "31.220.103.146", "31.220.103.147",
    "45.32.132.233", "45.63.109.119", "45.76.111.202", "45.77.38.130",
    "45.77.98.111", "46.250.254.91", "46.250.254.92", "49.12.110.221",
    "49.12.35.156", "49.12.9.143", "49.13.136.104", "49.13.201.151",
    "49.13.87.186", "5.104.80.101", "5.104.80.118", "5.104.81.110",
    "5.161.124.144", "5.161.186.44", "5.161.189.249", "5.161.196.124",
    "5.161.41.211", "5.161.75.231", "5.161.78.57", "5.161.84.202",
    "5.161.86.62", "5.75.132.49", "5.75.179.145", "5.75.255.64",
    "62.75.216.18", "66.42.93.216", "69.64.52.37", "70.34.203.153",
    "78.141.232.8", "78.46.206.34", "78.46.208.48", "78.47.112.255",
    "78.47.154.90", "78.47.205.130", "84.247.154.4", "84.247.154.5",
    "85.25.117.18", "85.25.208.97", "85.25.226.85", "95.179.220.67",
    "95.217.235.103"
]

# Cloudflare API endpoint
url = "https://api.cloudflare.com/client/v4/zones/{}/firewall/access_rules/rules".format(zone_id)

headers = {
    "Authorization": "Bearer {}".format(api_token),
    "Content-Type": "application/json"
}

for ip in ip_addresses:
    data = {
        "mode": "whitelist",
        "configuration": {
            "target": "ip",
            "value": ip
        },
        "notes": "Monitoring360 Service"
    }
   
    response = requests.post(url, headers=headers, json=data)
   
    print(f"Request data for IP {ip}: {data}")
    print(f"Response: {response.status_code} - {response.json()}")
   
    if response.status_code == 200:
        print("Successfully whitelisted {}".format(ip))
    else:
        print("Failed to whitelist {}: {}".format(ip, response.json()))

When you create your custom token in Cloudflare make sure you set Account to read, Firewall Settings to edit.

Hope this helps!