• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved Web Application Firewall crash after Upgrade from 12.5.30 to Onyx

fabian koeppel

Basic Pleskian
Hello

I have Update my Server from Plesk 12.5.30 to Onyx and from Ubuntu 14.04 to 16.04
now i have the Problem when i have the Web Apllication Firewall ON so every morning ( all Day ) al Websites have the "Bad Gatteway 503 Error" Wehn i make OFF the Web Apllication Firewall All Websites run. I can Web Apllication Firewall OF and ON. now all websites Work again for 1 Day. On morning all websites again "Bad Gateway 503 Error"

fail2ban is not the Problem. I have this ON. And never ip is in Bann list. And i have also the IP from the server in whiteliste from fail2ban. The Problem is the Web Apllication Firewall. On Plesk 12.5.30 works Web Apllication Firewall perfect. Ond Onyx i have crash all day.
 
Hi fabian koeppel,

sorry, but your conclusion/investigation, that the "Web Application Firewall crashes" is just wrong.

As you might know, the "Web Application Firewall" is an apache - module ( ModSecurity ), so each time you "switch it on" or "switch it off", your apache - webserver will restart with the new configuration ( module on / module off ). With this information, you should now investigate the APACHE - log for errors/issues/problems and due to the fact that you state "every morning", it leads us to a combination of apache and your daily logrotation, where the root cause might be. ;)



Now that you are closer to a possible root cause, you should consider to use the => SEARCH option ( at the forum and at the => Plesk Knowledge-Base ) and you will be surprised, that your described issue, in combination with apache and logrotation has been discussed quite a few times at Plesk forum threads ( the today search result amount is 130 ) and Plesk even provides a suggestion in a depending KB - article, how you could solve such an issue.

 
oh thank you. i have read https://kb.plesk.com/128431 and i have absolut the same logs entries. /var/log/apache2/error.log.1 ( bevor apache make e new file ( logrotation) i have also

[timestamp] [mpm_event:notice] [pid 20056:tid 140176783820672] AH00493: SIGUSR1 received. Doing graceful restart
[timestamp] [core:notice] [pid 20056] AH00060: seg fault or similar nasty error detected in the parent process

on /var/log/apache2/error.log i do not have the entrie. Only on /var/log/apache2/error.log.1 bevor make a new log file. and crash timestamp is identical the error.log entrie.

I have make the following Resolutions As described in the article

1. mpm_event to mpm_prefork
2. Apache restart interval' to 60 seconds
3. Change "/etc/init.d/apache2 reload" to "/etc/init.d/apache2 restart

Whether problem solved, I'll see in about 24 hours. I will report here.

thanks.
 
ah sorry i have not see the Point 4 whit /etc/logrotate.d/mod_security" now i have also change /etc/logrotate.d/mod_security" from
/etc/init.d/apache2 reload to
/etc/init.d/apache2 restart

thanks

I'll see in about 24 hours. I will report here.
 
Problem is fixed. Thank you UFHH01. Your solution has fixed it.

Here again summarized.

1. mpm_event to mpm_prefork ( in Plesk Webgui Home > Tools & Settings > Apache Web Server Settings )
2. Apache restart interval' to 60 seconds ( In Plesk Webgui Home > Tools & Settings > Apache Web Server Settings )
3. In /etc/logrotate.d/apache2 Change: "/etc/init.d/apache2 reload" to "/etc/init.d/apache2 restart
4. In /etc/logrotate.d/mod_security change: /etc/init.d/apache2 reload to /etc/init.d/apache2 restart
 
Back
Top