Facebook
TwitterHi @AlL!
Currently I have two Plesk 12 Linux servers running. One of them uses apache only (a virtual server), the other (a bare metal server) has been "autoinstalled" and uses apache and nginx. Unfortunately the second server has a major security risk, since all attacks on the default domains - i.e. the server's IPs - are logged to /var/log/httpd/access_log with the local destination ips only, which is complete nonsense IMO and renders fail2ban useless. Additionally nginx logs the same requests with the source ips, but there doesn't seem to be any fail2ban filter available for that in Plesk 12. Which sick mind did come up with such a lousy/lunatic construct? However, what I need to know is:
How can this be changed safely so that apache logs the real source ips and fail2ban can drop them?
Currently I have two Plesk 12 Linux servers running. One of them uses apache only (a virtual server), the other (a bare metal server) has been "autoinstalled" and uses apache and nginx. Unfortunately the second server has a major security risk, since all attacks on the default domains - i.e. the server's IPs - are logged to /var/log/httpd/access_log with the local destination ips only, which is complete nonsense IMO and renders fail2ban useless. Additionally nginx logs the same requests with the source ips, but there doesn't seem to be any fail2ban filter available for that in Plesk 12. Which sick mind did come up with such a lousy/lunatic construct? However, what I need to know is:
How can this be changed safely so that apache logs the real source ips and fail2ban can drop them?
