• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Issue Plesk not showing correct IPs in error logs and is blocking cloudflare IPs in fail 2 ban resulting in server going down.

sulabhpuri

New Pleskian
Server operating system version
Plesk Obsidian v18.0.65_build1800241122.08 os_Ubuntu 22.04
Plesk version and microupdate number
v18.0.65
Hi,
We are facing error 521, when Plesk tries to connect to Cloudflare.
Fail2Ban keeps auto-banning all Cloudflare IPs resulting in the server going down. To bring it back up we have to unban the iPS.

Also, Plesk is not showing the correct IPs in the error logs.
it logs Cloudflare iPS and not the origin/original IPS from where the error request originated.

We have tried - https://support.plesk.com/hc/en-us/...lare-CDN-proxy-or-Google-Cloud-Load-Balancing

and IP Addresses Management

But nothing seems to work.

We are on DO and use Cloudflare.

Please help.

Thanks.
 
@sulabhpuri you should add the Cloudflare IP ranges to the Trusted IP Addresses list: /admin/server-protection/trusted-list

it logs Cloudflare iPS and not the origin/original IPS from where the error request originated.
This might have to do with your Cloudflare configuration. I believe you need to configure CF to forward the correct ip addresses.
 
Adding Cloudflare IP ranges will enabled unlimied brute forcing against the server. The cause for blacking Cloudflare IPs is that attacks are coming through these IPs. When you whitelist them, you'll enable attackers to bypass Fail2Ban. Cloudflare is good for DDoS protection (in a limited way), but it has been causing issues for Fail2Ban not blocking the IP of the origin, but the IP of the requestor (Cloudflare) for months.
 
Adding Cloudflare IP ranges will enabled unlimied brute forcing against the server. The cause for blacking Cloudflare IPs is that attacks are coming through these IPs. When you whitelist them, you'll enable attackers to bypass Fail2Ban. Cloudflare is good for DDoS protection (in a limited way), but it has been causing issues for Fail2Ban not blocking the IP of the origin, but the IP of the requestor (Cloudflare) for months.
Yes, that is what I was thinking, Putting the CF IP range will just enable them.

Should I put Multi-Factor Authentication (MFA) on? Will that help?

 
Back
Top