• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Plesk Internal Monitoring & 360 Showing False 403s

IanJSaul

New Pleskian
Server operating system version
Ubuntu 20.04.4 LTS
Plesk version and microupdate number
Version 18.0.45 Update #2, last updated on Aug 14, 2022 07:07 AM
Aloha!

I've got an odd issue occurring with just 2 of ten nearly identical sites, they show as offline in monitoring, but are fully accessible and operating correctly.

All use DNS through Cloudflare, with Strict SSL/Origin CAs.

All sites have identical cache settings and optimizations.

They have been showing offline for over 24 hours, not short outage notifications by any means.

Nothing is jumping out at me in the logs, however, or I'm not looking in the correct areas.

Thanks for attention and assistance.
 
Just be sure I understand the issue correctly; you're websites are working fine but Plesk monitoring shows them being offline with 403 errors?
 
Yes, that's correct.

I've experimented with disabling the "Always Online" feature from Cloudflare to see if this was masking an issue, and there is no impact.

There is one other site that is occasionally showing "503 - Unavailable", and it is fully accessible as well.

Only the monitoring of the sites seems to be where issues exist.

Since posting this query, I've whitelisted all Cloudflare IPs in modsecurity and ipban.

I see a new recommendation from @myft above, and I'll try disabling bot fight mode now.

Thanks!
 
Ok, so this issue is still ongoing for some of the sites, and not others.

Enabling "Bot Fight Mode" will result in a "503 Unavailable" report in monitoring.

The "403 Forbidden" doesn't appear to be impacted by flipping bot mode on or off.

Anyone else experiencing similar issues?
 
Ok, so this issue is still ongoing for some of the sites, and not others.

Enabling "Bot Fight Mode" will result in a "503 Unavailable" report in monitoring.

The "403 Forbidden" doesn't appear to be impacted by flipping bot mode on or off.

Anyone else experiencing similar issues?
Yes, I experienced this issue with Bot Fight Mode off. After whitelisting all Monitoring360 ip addresses I need one more step, to go to Advanced Settings in Monitoring360 and change IP version to ipv4. When using Cloudflare your ip may be ipv6 and cause some confusion. (Thanks to Pablo from Plesk Support to assist me with this)

1719412019903.png

Here is a python script to easy the pain of whitelisting all the Monitoring360 ip addresses.

Code:
import requests

# Cloudflare API details
api_token = 'cloudflare_api_token'  # Your actual token
zone_id = 'cloudflare_zone_id'  # Your actual zone ID

# IP addresses to whitelist
ip_addresses = [
    "104.238.152.43", "108.61.241.142", "116.202.19.127", "116.202.19.155",
    "116.203.118.7", "116.203.132.27", "116.203.198.39", "116.203.233.120",
    "116.203.239.26", "116.203.34.150", "116.203.51.60", "116.203.78.154",
    "116.203.83.180", "128.140.106.217", "128.140.113.7", "128.140.114.147",
    "135.181.47.119", "135.181.47.53", "135.181.85.71", "136.244.99.211",
    "142.132.225.96", "149.248.51.165", "149.28.168.226", "149.28.70.57",
    "154.38.188.63", "154.38.188.70", "154.38.188.71", "155.133.7.189",
    "155.133.7.190", "155.133.7.191", "162.55.37.127", "167.235.31.59",
    "167.235.31.61", "167.235.50.149", "168.119.98.26", "188.138.88.128",
    "195.201.114.80", "195.201.33.39", "207.148.11.143", "209.126.105.183",
    "213.32.156.56", "216.238.105.167", "216.238.73.19", "217.172.182.99",
    "23.88.103.18", "23.88.127.150", "23.88.37.51", "23.88.44.194",
    "31.220.100.234", "31.220.100.243", "31.220.101.1", "31.220.101.4",
    "31.220.103.140", "31.220.103.141", "31.220.103.142", "31.220.103.143",
    "31.220.103.144", "31.220.103.145", "31.220.103.146", "31.220.103.147",
    "45.32.132.233", "45.63.109.119", "45.76.111.202", "45.77.38.130",
    "45.77.98.111", "46.250.254.91", "46.250.254.92", "49.12.110.221",
    "49.12.35.156", "49.12.9.143", "49.13.136.104", "49.13.201.151",
    "49.13.87.186", "5.104.80.101", "5.104.80.118", "5.104.81.110",
    "5.161.124.144", "5.161.186.44", "5.161.189.249", "5.161.196.124",
    "5.161.41.211", "5.161.75.231", "5.161.78.57", "5.161.84.202",
    "5.161.86.62", "5.75.132.49", "5.75.179.145", "5.75.255.64",
    "62.75.216.18", "66.42.93.216", "69.64.52.37", "70.34.203.153",
    "78.141.232.8", "78.46.206.34", "78.46.208.48", "78.47.112.255",
    "78.47.154.90", "78.47.205.130", "84.247.154.4", "84.247.154.5",
    "85.25.117.18", "85.25.208.97", "85.25.226.85", "95.179.220.67",
    "95.217.235.103"
]

# Cloudflare API endpoint
url = "https://api.cloudflare.com/client/v4/zones/{}/firewall/access_rules/rules".format(zone_id)

headers = {
    "Authorization": "Bearer {}".format(api_token),
    "Content-Type": "application/json"
}

for ip in ip_addresses:
    data = {
        "mode": "whitelist",
        "configuration": {
            "target": "ip",
            "value": ip
        },
        "notes": "Monitoring360 Service"
    }
   
    response = requests.post(url, headers=headers, json=data)
   
    print(f"Request data for IP {ip}: {data}")
    print(f"Response: {response.status_code} - {response.json()}")
   
    if response.status_code == 200:
        print("Successfully whitelisted {}".format(ip))
    else:
        print("Failed to whitelist {}: {}".format(ip, response.json()))


When you create your custom token in Cloudflare make sure you set Account to read, Firewall Settings to edit.

Hope this helps!
 
Back
Top