Symptoms
-
When working in WordPress admin dashboard, the user's IP address is being blocked by Fail2Ban.
-
The Fail2Ban "plesk-modsecurity" jail is enabled in Plesk.
-
Imunify360 rules-set is used for ModSecurity (Tools & Settings > Web Application Firewall (ModSecurity) > Settings).
-
The following message appears in /var/log/modsec_audit.log:
referer: https://example.com/wp-admin/edit.php?post_type=page
...
--a620201a-H--
Message: Operator EQ matched 1 at TX:trapped. [file "/etc/httpd/conf/modsecurity.d/rules/custom/000_i360_0.conf"] [line "182"] [id "33314"] [msg "RTrack: G:post=5556&action=edit& P: F: FC:||T:APACHE||PC:32291||R:200"] [severity "DEBUG"]
[tag "i360"] [tag "noshow"]
Cause
According to Imunify360 installation guide, Imunify360 is incompatible with fail2ban.
Resolution
- Log in to Plesk.
-
Disable fail2ban at Tools & Settings > IP Address Banning (Fail2Ban) > Settings tab.