
Question Why do firewall rule changes only work sometimes?

David Jimenez

Basic Pleskian
I have the Plesk firewall and Fail2Ban running. I also monitor our server logs to see if a particular IP address rings up a bunch of 404 errors trying to get into our server. When I find such an entry (meaning Fail2Ban didn't trigger due to small variations in the login attempt), I enter the IP address in a simple rule I set up in the firewall that denies all access to that specific IP address.

The problem is that about 50% of the time, I get the following message from Plesk when trying to activate the rule change: Warning: The current configuration has not been activated. The system has been reverted to the previous configuration. This has occured because there were connection problems between your browser and the server. Most probably, the reason is that you have arranged the configuration so that connections from your computer to the server are prohibited.

This isn't a complicated rule and it isn't trying to deny access to everyone.

Any idea why I get this warning? If I wait awhile and try again, it will go through.
 
In my original setup, I only listed the source IP address and said to deny incoming. I did not include any information on ports. That was accepted just fine for the first couple of IP addresses. The problem started on the third entry. I just tried again, but added a range of TCP port numbers and it was happy. Not sure if this was a coincidence or if it is a requirement. If the latter, not sure why it worked the first couple of times.
 
I need some additional help. After setting up the firewall rule to deny incoming from 199.33.126.82 on TCP 1-10000, that IP address still gets through to the server. Can someone tell me what I did wrong so that I can stop this pest?
 
Update: I increased the port range to the maximum allowed by Plesk of 1-65000 for both TCP and UDP. I also changed the settings to only allow our corporate IP address on SSH. But 199.33.126.82 is still finding a way to get onto our server. Anyone have an idea of what to do to kill off this jerk?

Update 2: I changed the Apache settings to add the IP address to the deny list. Now he gets a 403 instead of a 404, but I would still like to prevent him from getting to the site altogether. I found a script using .htaccess using ReWrite, but I need to learn how to turn that function on in Apache and then restart Apache to make the script work.
 
Back to my original issue with updating Plesk firewall rules. I am now getting a different message when I add another IP address. Again, it worked yesterday during the day, but I started getting this last night and today:

Error: Could not activate firewall configuration:

safeact: safeact: I did not receive connectivity confirmation after applying new firewall configuration, then same happened after I reverted to previous configuration. This means that both new and previous configurations were bad. Emergency rollback to configuration without rules was performed. Firewall is now disabled. Fix your rules and try again.
 