• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved Plesk Panel Log and Cloudflare - log doesn't show Real IP

K

Katog Choling

New Pleskian
Server operating system version
Ubuntu 22.04.3 LTS
Plesk version and microupdate number
Plesk Obsidian 18.0.55.0
Using Cloudflare (free tier), my plesk.log doesn't show the real IP address. I've successfully configured the real IP logging for Nginx and Apache using the information here, which is working fine for the nginx and apache logs etc. However, it doesn't seem to have any effect on the plesk.log which only shows the Cloudflare IP.

The reason this is a problem is that a nefarious source is attempting to log into the panel every 11 minutes and I'd like to block the IP - but it's only showing the Cloudflare address:

panel.log
Code: 
...
[2023-09-06 14:58:59.533] 73515:64f893b382232 ERR [panel] Somebody tries to use the secret key for API RPC "36" from "162.158.38.254"
[2023-09-06 14:58:59.563] 73515:64f893b382232 ERR [extension/rest-api] [Action Log] Failed login attempt with login '<invalid>' from IP 162.158.38.254
[2023-09-06 15:09:56.988] 73655:64f89644f1287 ERR [panel] Somebody tries to use the secret key for API RPC "36" from "162.158.230.2"
[2023-09-06 15:09:57.024] 73655:64f89644f1287 ERR [extension/rest-api] [Action Log] Failed login attempt with login '<invalid>' from IP 162.158.230.2
[2023-09-06 15:20:51.101] 73845:64f898d318924 ERR [panel] Somebody tries to use the secret key for API RPC "36" from "162.158.38.254"
[2023-09-06 15:20:51.129] 73845:64f898d318924 ERR [extension/rest-api] [Action Log] Failed login attempt with login '<invalid>' from IP 162.158.38.254
[2023-09-06 15:31:36.396] 74038:64f89b5860b89 ERR [panel] Somebody tries to use the secret key for API RPC "36" from "162.158.38.254"
[2023-09-06 15:31:36.430] 74038:64f89b5860b89 ERR [extension/rest-api] [Action Log] Failed login attempt with login '<invalid>' from IP 162.158.38.254

Is there a way to get the plesk.log to record the real IP?
Is there another way to find the real IP?
How can I block this?
 
Yes, I'm aware that the Cloudflare proxy rewrites the origin IP address and specifies the client's IP address in an additional HTTP header. How do I configure Plesk so that the Plesk panel.log records the origin address - just like we can do for the apache and nginx logs?
 
In the panel.ini file I see entries for:

[panel]realIpFrom127.0.0.1
[panel]realIpHeaderX-Forwarded-For
[log]show.sourcefalse

Could changing any of these help? Or some other setting in the panel.ini file?
 
As currently sw-cp-server does not include realip module, use one of the solutions below:
  1. Use a custom domain name (or a hostname) with a 443 port for Plesk access: Administrator's Guide: Customizing Plesk URL.
    In this case, the frontend nginx that includes realip module handles the request. The official solution provided by Cloudflare may be used in this case: Couldflare: Restoring original visitor IPs
  2. Use a custom domain name or a subdomain, for example, https://plesk.hostname without Cloudflare as the entry point to Plesk. In this case, there will be no CDN in front of Plesk.
  3. Configure Plesk to trust Cloudflare.
    Currently, there is a [restriction when Plesk does not allow IP ranges in the configuration. Such behavior is known as the Plesk bug with ID #PPP-52375, which is planned to be fixed in future Plesk updates.
    However, it is possible to use some particular IP addresses. The lines like the below may be added to the panel.ini file. Add them using the Panel.ini Editor extension or by modifying the /usr/local/psa/admin/conf/panel.ini directly on the server:
    [panel]
    realIpFrom = 127.0.0.1, <CloudflareIP1>, <CloudflareIP2>
 
You must log in or register to reply here.

Similar threads

S
Issue Plesk not showing correct IPs in error logs and is blocking cloudflare IPs in fail 2 ban resulting in server going down.
Replies
4
Views
905
sulabhpuri
S
H
Question MariaDB doesn't start after upgrade
Replies
3
Views
1K
Kaspar@Plesk
Kaspar@Plesk
A
Resolved 500 Plesk\Exception\Database
Replies
1
Views
1K
ayadai
A
Lenny
Resolved Seeking Assistance with API Communication Issues via SSL on Plesk
Replies
4
Views
3K
Lenny
Lenny
TimReeves
Fail2Ban Jail needed for /var/log/sw-cp-server/error_log
Replies
5
Views
7K
roon
R
Back
Top