Knowledge Base

IP addresses are being banned by the Fail2Ban “plesk-modsecurity” jail, when working in WordPress admin dashboard

Symptoms

When working in WordPress admin dashboard, the user’s IP address is being blocked by Fail2Ban.
The Fail2Ban “plesk-modsecurity” jail is enabled in Plesk.
Imunify360 rules-set is used for ModSecurity (Tools & Settings > Web Application Firewall (ModSecurity) > Settings).

The following message appears in /var/log/modsec_audit.log:

referer: https://example.com/wp-admin/edit.php?post_type=page
...
--a620201a-H--
Message: Operator EQ matched 1 at TX:trapped. [file "/etc/httpd/conf/modsecurity.d/rules/custom/000_i360_0.conf"] [line "182"] [id "33314"] [msg "RTrack: G:post=5556&action=edit& P: F: FC:||T:APACHE||PC:32291||R:200"] [severity "DEBUG"]
[tag "i360"] [tag "noshow"]

Cause

According to Imunify360 installation guide, Imunify360 is incompatible with fail2ban.

Resolution

Log in to Plesk.
Disable fail2ban at Tools & Settings > IP Address Banning (Fail2Ban) > Settings tab.

Related Posts

How Does GDPR Affect Your eCommerce Business?

The Quick-Start Guide for Plesk eCommerce Toolkit Users

NGINX vs Apache – Which Is the Best Web Server in 2021?

Knowledge Base

On Plesk server with both fail2ban and Imunify360 turned on, IP addresses are intermittently banned

How does ModSecurity + Fail2Ban + Imunify360 work together in a server with Plesk?

All websites on Plesk server periodically unavailable after accessing WordPress comments or working in WordPress dashboard

Plesk for Linux services logs and configuration files