• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question Why do firewall rule changes only work sometimes?

David Jimenez

David Jimenez

Basic Pleskian
I have the Plesk firewall and Fail2Ban running. I also monitor our server logs to see if a particular IP address rings up a bunch of 404 error trying to get into our server. When I find such an entry (meaning Fail2Ban didn't trigger due to small variations in the log in attempt), I enter the IP address in a simple rule I setup in the firewall that denies all access to that specific IP address.

The problem is that about 50% of the time, I get the following message from Plesk when trying to activate the rule change: Warning: The current configuration has not been activated. The system has been reverted to the previous configuration. This has occured because there were connection problems between your browser and the server. Most probably, the reason is that you have arranged the configuration so that connections from your computer to the server are prohibited.

This isn't a complicated rule and it isn't trying to deny access to everyone.

Any idea why I get this warning? If I wait awhile and try again, it will go through.
 
In my original setup, I only listed the source IP address and said to deny incoming. I did not include any information on ports. That was accepted just fine for the first couple of IP addresses. The problem started on the third entry. I just tried again, but added a range of tcp port numbers and it was happy. Not sure if this was a coincidence or if it is a requirement. If the latter, not sure why it worked the first couple of times.
 
I need some additional help. After setting up the firewall rule to deny incoming from 199.33.126.82 on TCP 1-10000, that IP address still gets through to the server. Can someone tell me what I did wrong so that I can stop this pest?
 
Update: I increased the port range to the maximum allowed by Plesk of 1-65000 for both TCP and UDP. I also changed the settings to only allow our corporate IP address on SSH. But 199.33.126.82 is still finding a way to get onto our server. Anyone have an idea of what to do to kill off this jerk?

Update 2: I changed the Apache settings to add the IP address to the deny list. Now he gets a 403 instead of a 404, but would still like to prevent him from getting to the site all together. I found a script using .htaccess using ReWrite, but I need to learn how to turn that function on in Apache and then restart Apache to make the script work.
 
Last edited:
Back to my original issue with updating Plesk firewall rules. I am now getting a different message when I add another IP address. Again, it worked yesterday during the day, but I started getting this last night and today:

Error: Could not activate firewall configuration:

safeact: safeact: I did not receive connectivity confirmation after applying new firewall configuration, then same happened after I reverted to previous configuration. This means that both new and previous configurations were bad. Emergency rollback to configuration without rules was performed. Firewall is now disabled. Fix your rules and try again.
 
You must log in or register to reply here.

Similar threads

A
Resolved Plesk Firewall and Samba
2
Replies
22
Views
939
Raul A.
R
T
Issue Unbanning some IP addresses causes the server to be unresponsive
Replies
4
Views
369
TurabG
T
S
Issue Cant activate the plesk firewall
Replies
5
Views
871
martinez.marcias@gmai
M
P
Issue plesk firewall 2.1.5-412 still has problems
2
Replies
20
Views
3K
PeterKi
P
brother4
Question Custom rules for Mod Seruity 3.0 Nginx - WordPress protection
Replies
2
Views
257
brother4
brother4
Back
Top