• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Resolved WordPress + Fail2Ban... strange behavior with a error status of 403

MicheleB

Regular Pleskian
Hello,
I had a WordPress installation that every time the users opened in their browsers, after 5 pages/click (Fail2Ban settings) Fail2Ban blocked their IP (jail used: plesk-apache).

In the browser's inspection panel I found an error, status of 403 (Forbidden) for a single file ([http://www.website.com/wp-content/themes/starter/quick-style.php]).

I've removed this 403 error and the website returned to works good, without more IP blacklist.

My question is... is it a normal behavior that Fail2Ban block an IP for a 403 error?

Thanks.
 
Last edited:
Hi MicheleB,

My question is... is it a normal behavior that Fail2Ban block an IP for a 403 error?
Yes, if you apply the filter, to avoid brute-force login attempts, then this behaviour is absolutely as expected. Pls. consider to investigate the filter - regex for the specific filter ( in your case: "/etc/fail2ban/filter.d/plesk-apache.conf" ), to verify for yourself, why the filter is blocking IPs.
 
Ok, thanks.

I've tried to investigate the filter but I didn't find the file "/etc/fail2ban/filter.d/plesk-apache.conf".
 
Hi MicheleB,

my suggestion might be misleading, because I just guessed the filter - name from your error message. Pls. have a look at your "/etc/fail2ban/jail.d/plesk.conf" or "jail.local" configuration file, to identify your correct filter name:

Example:

...
# HTTP servers
[plesk-apache]

enabled = false
action = iptables-multiport[name=apache, port="http,https,7080,7081"]
filter = apache-auth
logpath = /var/www/vhosts/system/*/logs/error_log
/var/log/apache2/*error.log
/var/www/vhosts/system/*/logs/*access*log
/var/log/apache2/*access.log
maxretry = 6
 
Back
Top