Question roundcube ip block

[ciB]

Server operating system version

Ubuntu 18.04.6 LTS

Plesk version and microupdate number

Plesk Obsidian 18.0.42 Update #1

Hi,

I have an issue which I not totally understand.
When our clients at work login to roundcube (not in our network) multiple users try to aaccess roundcube from the same ip address. After several login (attempts) no more useres can login to roundcube because of "too many tries". Obviously, I would like to whitelist our staitc ip so that useres from within our network do not get locked out of roundcube. Since the ip address is already whitelistet in fail2ban, it seems that roundcube itelf has another protecton layer, but I do not know what/where to configure a whitelist in roundcube.

I found a setting called "['login_rate_limit']" in the roundcube config, which is set to 3. Should I just remove/set it to zero so that I can fully rely on fail2ban? Any help to configure this correctly would be appreciated.

Cheers,
ciB

 

[Kaspar]

It isn't clear to me from the Roundcube documentation if you can disabled the login_rate_limit by setting it to zero. Perhaps you can, you'll have try to see what happens. Note that if that actually does disable the login_rate_limit, it's disabled for all users/vistors/ip addresses.

 

[ciB]

It isn't clear to me from the Roundcube documentation if you can disabled the login_rate_limit by setting it to zero. Perhaps you can, you'll have try to see what happens. Note that if that actually does disable the login_rate_limit, it's disabled for all users/vistors/ip addresses.

Which would not be a problem, since fail2ban is also setup to work with roundcube. Here the limit for example is set to 5, which is not even reached because of the rate limit of roundcube. I am going to test $config['login_rate_limit'] = 0; and going to report back.

 

[ciB]

So, I failed logging in to roundcube with more than five tries, but fail2ban does not jail my ip.

The config is setup as following (default):

[plesk-roundcube]
enabled = true
filter = plesk-roundcube
action = iptables-multiport[name="plesk-roundcube", port="http,https,7080,7081"]
logpath = /var/log/plesk-roundcube/errors
maxretry = 5

Is there something else I need to do?

 

[ciB]

Now suddenly banned ips show up in plesk-roundcube (some cloudflare ips), but my IP from my phone is not showing up - is it because my requests that I send manually form my phone are too slow? Although findtime is set to 660, and I have no other setting for roundcube set...

 

[ciB]

So, turned out that since our server is protected by cloudflare, I had to add some extra headers to nginx (see https://support.plesk.com/hc/en-us/...behind-load-balancer-or-reverse-forward-proxy)
Now, I can see my ip being put in jail after 5 failed attempts - unfortunatley I can still continue trying to login AND even can successfully login with the correct password. What am I missing now? I have not changed the standard action in the jail, its currently set to

iptables-multiport[name="plesk-roundcube", port="http,https,7080,7081"]

 

[Nik G]

hello @ciB ,
probably you can modify /usr/share/psa-roundcube/program/include/rcmail.php:621
to disable internal anti-bruteforce system.

but it is on your own risk.

upd:
another one thing, please check that you have no antibruteforce plugin for roundcube installed
you can check it at /usr/share/psa-roundcube/plugins/

 

[ciB]

Well, setting the rate limit to 0 actually reactivated the brute force protection from roundcube. Fail2ban now bans my correct ip Adresse after 5 failed login attempts, but the ban had no effect - I can still continue trying to login in.