Knowledge Base

All websites on Plesk server periodically unavailable after accessing WordPress comments or working in WordPress dashboard

 
applications extensionsfail2banfirewallipplesk for linux

Symptoms

  • All websites on Plesk server periodically unavailable after accessing WordPress comments or working in WordPress dashboard

  • Comodo ruleset is enabled in ModSecurity at Tools & Settings > Web Application Firewall (Modsecurity): 
    comodo.JPG

  • ‘plesk-modsecurity’ jail is enabled at Tools & Settings > IP Address Banning (Fail2Ban) > Jails:
    modsec.JPG

Cause

IP address banned by fail2ban triggered by ModSecurity rule match alert.

At Tools & Settings > Web Application Firewall (Modsecurity) > ModSecurity Log File the following message appeared:

Message: Warning. String match "get" at REQUEST_METHOD. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/27_Apps_WPPlugin.conf"] [line "4595"] [id "222212"] [rev "2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"]

Resolution

Solution 1. Log into Plesk and switch ModSecurity ruleset to Atomic Standard in Plesk > Tools & Settings > Web Application Firewall (ModSecurity) > Settings:
atomic.JPG

Solution 2. Disable the ModSecurity rule with id 222212 using instruction from: How to disable specific ModSecurity rules in Plesk

Read the full article
Related Posts
Knowledge Base

Hosting Wiki

Industry
Partners

industry-partner_ALIBABA
industry-partner_GOOGLEPARTNER
industry-partner_MICROSOFT
industry-partner_REDHAT-r2
industry-partner_ALIBABA
industry-partner_AUTOMATTIC
industry-partner_AWS
industry-partner_DIGITALOCEAN
industry-partner_SCALEWAY

Follow us:

Facebook Twitter Linkedin Youtube Github

© 2022 Plesk International GmbH. All rights reserved. Plesk and the Plesk logo are trademarks of Plesk International GmbH.

Managed with 💙  with Plesk WP Toolkit
Search
Generic filters
Exact matches only
Search in title
Search in content
Search in excerpt