Question
How does ModSecurity + Fail2Ban + Imunify360 work together in a server with Plesk?
Answer
These security tools are working separately on different levels:
-
According to Imunify360 installation guide, Imunify360 is incompatible with fail2ban. If Imunify360 is being used, disable fail2ban at Tools & Settings > IP Address Banning (Fail2Ban) > Settings tab
-
Imunify360 uses the same algorithm as ModSecurity: both work based on analyzing Apache requests. Moreover, if it is already not on the server, ModSecurity with special Imunify360 ruleset will be installed along with extension installation.
It’s also recommended to disable any third-party mod_security vendors except Imunify360 ruleset (especially OWASP and Comodo ). These rulesets can cause large number of false-positives and duplicate Imunify360 ruleset. Hosting Panels Firewall Rulesets Specific Settings
The following ruleset is installed along with Imunify360:
# plesk sbin modsecurity_ctl -L –enabled
custom