Question
How do ModSecurity + Fail2Ban + Imunify360 work together in a server with Plesk?
Answer
The three tools do NOT all work in synergy. Choose the one option below that best serves your needs, and avoid installing any other security tools (including third-party ones that are not listed).
Compatible and safe to use:
- ModSecurity+Fail2Ban:
  When ModSecurity is enabled, a rule "plesk-modsecurity" is created at Plesk > Tools & Settings > IP Address Banning (Fail2Ban) > Jails.
  When ModSecurity is triggered X times (defined in the Fail2Ban settings) by a certain IP address, that IP address is banned by Fail2Ban for Y seconds.
- Imunify360 only:
  Imunify360 uses the same algorithm as ModSecurity: both work by analyzing Apache requests.
  Imunify360 installs the ModSecurity component with a special Imunify360 ruleset. The ruleset can be checked via CLI:
      # plesk sbin modsecurity_ctl -L --enabled
      custom
Not compatible:
- Imunify360+Fail2Ban:
  According to the Imunify360 installation guide, Imunify360 is incompatible with Fail2Ban.
  If Imunify360 is being used, disable Fail2Ban at Plesk > Tools & Settings > IP Address Banning (Fail2Ban) > Settings tab.
- Imunify360+ModSecurity with standard rulesets (e.g. OWASP and Comodo):
  It is strongly recommended to disable all mod_security rulesets other than the Imunify360 ruleset (especially OWASP and Comodo). These rulesets can cause a large number of false positives and duplicate the Imunify360 ruleset. Consider using only the Imunify360 ruleset to avoid such behavior. Please check the Imunify360 documentation for details: Hosting Panels Firewall Rulesets Specific Settings
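
To make the ModSecurity+Fail2Ban ban logic described above concrete, here is an added example (not Plesk or Fail2Ban code) that replays ModSecurity denials through a jail-style counter. X maps to Fail2Ban's `maxretry` and Y to `bantime`, with `findtime` as the counting window; the log lines are constructed and simplified, and the numeric values are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed, simplified log lines; not the real ModSecurity audit log format.
SAMPLE_LOG = """\
2024-05-01 10:00:00 203.0.113.7 ModSecurity: Access denied with code 403
2024-05-01 10:00:00 198.51.100.9 ModSecurity: Access denied with code 403
2024-05-01 10:00:20 203.0.113.7 ModSecurity: Access denied with code 403
2024-05-01 10:00:30 192.0.2.44 GET /index.php 200
2024-05-01 10:00:40 203.0.113.7 ModSecurity: Access denied with code 403
2024-05-01 10:02:00 198.51.100.9 ModSecurity: Access denied with code 403
2024-05-01 10:04:00 198.51.100.9 ModSecurity: Access denied with code 403
2024-05-01 10:05:00 203.0.113.7 ModSecurity: Access denied with code 403
"""
LINE_RE = re.compile(r"^(\S+ \S+) (\S+) ModSecurity: Access denied")

def simulate_jail(log_text, maxretry, findtime, bantime):
    """Return [(ip, ban_start, ban_end)] for hits seen in log_text."""
    hits = defaultdict(deque)      # ip -> timestamps inside the findtime window
    banned_until = {}              # ip -> time the current ban expires
    bans = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue               # not a ModSecurity denial
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ip = m.group(2)
        if ip in banned_until and ts < banned_until[ip]:
            continue               # already banned: no new counting
        window = hits[ip]
        window.append(ts)
        while ts - window[0] > timedelta(seconds=findtime):
            window.popleft()       # drop hits older than findtime
        if len(window) >= maxretry:
            end = ts + timedelta(seconds=bantime)
            banned_until[ip] = end
            bans.append((ip, ts, end))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in simulate_jail(SAMPLE_LOG, maxretry=3, findtime=60, bantime=600):
        print(f"{ip} banned {start:%H:%M:%S} -> {end:%H:%M:%S}")
```

With a 60-second window only the burst from 203.0.113.7 is banned; widening `findtime` to 300 seconds also catches the slower 198.51.100.9, which is the trade-off to weigh when tuning the jail against false positives.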