Sites for particular country show: 502 Bad Gateway

Symptoms

• Sites for particular country show:

  502 Bad Gateway

• In /var/www/vhosts/system/example.com/logs/error_log below error can be found:

  [Mon May 07 07:20:13.324316 2018] [:error] [pid 5522:tid 140219235301120] [client 203.0.113.2:47900] [client 203.0.113.2] ModSecurity: [file "/etc/httpd/conf/plesk.conf.d/modsecurity.conf"] [line "2"] [id "10"] [msg "Blocking BAD IP Address"] Access denied with connection close (phase 1). Pattern match "^(UA|LT|EG|RO|BG|TR|PK|MY|RU|CN)$" at GEO:COUNTRY_CODE. [hostname "example.com"] [uri "/favicon.ico"] [unique_id "Wu-iDVJ1stQOUHxdzoBC2wAAAJU"], referer: http://example.com/

• In Plesk > Tools & Settings > Web Application Firewall (ModSecurity) > Settings there are custom rules:

  SecGeoLookupDb /usr/share/GeoIP/GeoIP.dat
  SecRule REMOTE_ADDR "@geoLookup" "phase:1,chain,id:10,drop,log,msg:'Blocking BAD IP Address'"
  #SecRule GEO:COUNTRY_CODE "@streq UA"
  SecRule GEO:COUNTRY_CODE "@rx ^(UA|LT|EG|RO|BG|TR|PK|MY|RU|CN)$"
  SecRule REQUEST_HEADERS:User-Agent "AhrefsBot" "id:'300002',phase:2,t:none,log,deny,msg:'Blocking Ahrefs bot'"

Cause

ModSecurity blocks IP adresses from the country. 

Resolution

1. Login to Plesk

2. Go to Plesk > Tools & Settings > Web Application Firewall (ModSecurity) > Settings

3. Remove the custom directives