Knowledge Base

IP addresses are being banned by the Fail2Ban “plesk-modsecurity” jail, when working in WordPress admin dashboard

Symptoms

When working in WordPress admin dashboard, the user's IP address is being blocked by Fail2Ban.
The Fail2Ban "plesk-modsecurity" jail is enabled in Plesk.
Imunify360 rules-set is used for ModSecurity (Tools & Settings > Web Application Firewall (ModSecurity) > Settings).
The following message appears in /var/log/modsec_audit.log:

referer: https://example.com/wp-admin/edit.php?post_type=page
...
--a620201a-H--
Message: Operator EQ matched 1 at TX:trapped. [file "/etc/httpd/conf/modsecurity.d/rules/custom/000_i360_0.conf"] [line "182"] [id "33314"] [msg "RTrack: G:post=5556&action=edit& P: F: FC:||T:APACHE||PC:32291||R:200"] [severity "DEBUG"]
[tag "i360"] [tag "noshow"]

Cause

According to Imunify360 installation guide, Imunify360 is incompatible with fail2ban.

Resolution

Log in to Plesk.
Disable fail2ban at Tools & Settings > IP Address Banning (Fail2Ban) > Settings tab.

Related Posts

NGINX vs Apache – Which Is the Best Web Server in 2023?

Debugging in WordPress Explained

Why Do You Need PHP FastCGI Process Manager?

Knowledge Base

Duplicate entries in Plesk WordPress Toolkit: nginx: [emerg] duplicate location “/fake-hotlink-stub”

Unable to secure WordPress instance in Plesk: Permissions for files and directories still marked as Not Secure

[BUG] Unable to edit some files with File Manager in Plesk via HTTPS: file loads indefinitely

Database import or WordPress cloning fails: Access denied; you need (at least one of) the SUPER privilege(s) for this operation

Hosting Wiki