• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Removing firewall and modsecurity crashed the server

DieterWerner

DieterWerner

Regular Pleskian
After removing modsecurity and firewall (I used 'Updates and Upgrades' of the Plesk Paneel) the server was down.
Neither the Plesk login nor a website was reachable.

I did:
# plesk installer --select-release-current --install-component psa-firewall
# plesk installer --select-release-current --install-component modsecurity
# service sw-engine restart && service sw-cp-server restart
# plesk repair installation
# plesk repair all -y
but nothing was sucsessful and so I had to do a restore of a backup file.

I'm frustrated again and remember the good old times of 'Webmin'
 
Well, it's hard to guess what the problem was because you did not provide any information that could be helpful. Simply stating "server was down" or "website not reachable" leaves us with a wide range of possible reasons. As you already fixed the problem yourself by restoring a backup, there's nothing anybody here in the forum could do for you.

But just to give an example, if you run into such a problem again in the future then I'd do the following checks first:
  • What is the exact nature of the problem? What's the exact error message? Can I reproduce it?
  • What's the state of the network? Is the interface up? Can I reach my default gateway? Can I resolve any hostnames?
  • What's the state of the firewall? Default policy? Any rules active? Do I log blocked packets? (if not, then do it!)
  • When I try to connect to the website, do I get "connection refused"? Or "connection timed out"? (Those 2 are fundamentally different, btw)
  • Do I have any process running that listens on port 80 and 443? If yes, what's in the logs of those processes? Ever tried to restart them?
  • What's in my syslog logs? What was logged around the time I did the modification? Anything unusual in the logs?
  • What modifications have actually been performed on the system? What does my package manager logfile say? Is there any package that was inadvertently removed? Am I really aware of what I did? Am I aware of what the system did? Does this match what I intended to do? Why did I even do what I did?
I'm sure there's lots more you can do, but those are the questions I'd ask myself before asking for help in a community forum and/or ranting about how everything was supposedly better with Webmin (Spoiler: It wasn't!).

Just because there is a nice Web GUI does not mean that no skills are required anymore. It is vital for anybody who administers a system to know exactly what the system is doing and how to check for problems and how to deal with them, all on the shell, independent of a Web GUI.
 
DieterWerner said:
After removing modsecurity and firewall (I used 'Updates and Upgrades' of the Plesk Paneel) the server was down.
Neither the Plesk login nor a website was reachable.

I did:
# plesk installer --select-release-current --install-component psa-firewall
# plesk installer --select-release-current --install-component modsecurity
# service sw-engine restart && service sw-cp-server restart
# plesk repair installation
# plesk repair all -y
but nothing was sucsessful and so I had to do a restore of a backup file.

I'm frustrated again and remember the good old times of 'Webmin'
Click to expand...

@DieterWerner

Please do a full server reboot from the command line : it would enforce all processes to restart - this would enable you to

a) identify services that are not started and try to fix that, (and)

b) make sure that you are not trying to repair a Plesk installation that has been temporarily malfunctioning due to some broken/malfunctioning service,

and please note that point b is merely mentioned because I am pretty sure that you did aggravate the issue by running plesk repair on a broken system with some issues on services that are not managed by the Plesk Repair CLI utility.

One small tip : in the case of any firewall related issues, it can be valuable to

1 - make a copy of /opt/psa/var/modules/firewall/firewall-active.sh before the reboot (!) (read: just put it somewhere in the root directory)

2 - check and compare the output from iptables after the reboot

3 - re-install Plesk Firewall extension and compare the (new) firewall-active.sh with the contents of the old ones (from steps 1 and 2)

and not that this tip is given, due to the simple facts that

- the firewall-active.sh script contains the iptables rules that the Plesk Firewall extension uses (amongst others and primarily for persistence) AND
- the contents of that script are not always perfect : a small deviation from what it should be could have big consequences.

In short, try to investigate the issue at hand ......... before running any utility like plesk repair.

Regards........
 
You must log in or register to reply here.

Similar threads

A
Resolved Unable to reinstall modsecurity after upgrade from Onyx to Obsidian
Replies
1
Views
581
Abernathy
A
J
Resolved Can't login at Plesk admin panel (Plesk Onyx 17.0.17)
Replies
6
Views
10K
JVG
J
D
Question Service Unavailable port 8443 Plesk Not Working
Replies
1
Views
440
Kaspar@Plesk
Kaspar@Plesk
M
Issue No Domain Reachable when nginx enabled
Replies
11
Views
6K
mvstns
M
A
Issue Server Error 502 Bad Gateway /
Replies
11
Views
3K
dlabsnl
D
Back
Top