Symptoms
-
Sites for particular country show:
502 Bad Gateway
-
In
/var/www/vhosts/system/example.com/logs/error_log
below error can be found:[Mon May 07 07:20:13.324316 2018] [:error] [pid 5522:tid 140219235301120] [client 203.0.113.2:47900] [client 203.0.113.2] ModSecurity: [file "/etc/httpd/conf/plesk.conf.d/modsecurity.conf"] [line "2"] [id "10"] [msg "Blocking BAD IP Address"] Access denied with connection close (phase 1). Pattern match "^(UA|LT|EG|RO|BG|TR|PK|MY|RU|CN)$" at GEO:COUNTRY_CODE. [hostname "example.com"] [uri "/favicon.ico"] [unique_id "Wu-iDVJ1stQOUHxdzoBC2wAAAJU"], referer: http://example.com/
-
In Plesk > Tools & Settings > Web Application Firewall (ModSecurity) > Settings there are custom rules:
SecGeoLookupDb /usr/share/GeoIP/GeoIP.dat
SecRule REMOTE_ADDR "@geoLookup" "phase:1,chain,id:10,drop,log,msg:'Blocking BAD IP Address'"
#SecRule GEO:COUNTRY_CODE "@streq UA"
SecRule GEO:COUNTRY_CODE "@rx ^(UA|LT|EG|RO|BG|TR|PK|MY|RU|CN)$"
SecRule REQUEST_HEADERS:User-Agent "AhrefsBot" "id:'300002',phase:2,t:none,log,deny,msg:'Blocking Ahrefs bot'"
Cause
ModSecurity blocks IP adresses from the country.
Resolution
-
Go to Plesk > Tools & Settings > Web Application Firewall (ModSecurity) > Settings
-
Remove the custom directives