Knowledge Base

IP addresses are being banned by the Fail2Ban “plesk-modsecurity” jail, when working in WordPress admin dashboard

Symptoms

When working in WordPress admin dashboard, the user’s IP address is being blocked by Fail2Ban.
The Fail2Ban “plesk-modsecurity” jail is enabled in Plesk.
Imunify360 rules-set is used for ModSecurity (Tools & Settings > Web Application Firewall (ModSecurity) > Settings).

The following message appears in /var/log/modsec_audit.log:

referer: https://example.com/wp-admin/edit.php?post_type=page
...
--a620201a-H--
Message: Operator EQ matched 1 at TX:trapped. [file "/etc/httpd/conf/modsecurity.d/rules/custom/000_i360_0.conf"] [line "182"] [id "33314"] [msg "RTrack: G:post=5556&action=edit& P: F: FC:||T:APACHE||PC:32291||R:200"] [severity "DEBUG"]
[tag "i360"] [tag "noshow"]

Cause

According to Imunify360 installation guide, Imunify360 is incompatible with fail2ban.

Resolution

Log in to Plesk.
Disable fail2ban at Tools & Settings > IP Address Banning (Fail2Ban) > Settings tab.

Related Posts

NGINX vs Apache – Which Is the Best Web Server in 2022?

WordPress Firewall – Why Do You Need One?

How Does GDPR Affect Your eCommerce Business?

Knowledge Base

On Plesk server with both fail2ban and Imunify360 turned on, IP addresses are intermittently banned

How does ModSecurity + Fail2Ban + Imunify360 work together in a server with Plesk?

All websites on Plesk server periodically unavailable after accessing WordPress comments or working in WordPress dashboard

Plesk for Linux services logs and configuration files

Hosting Wiki