Plesk & SocialBee have teamed up. Save 30% now!

Knowledge Base

IP addresses are being banned by the Fail2Ban “plesk-modsecurity” jail, when working in WordPress admin dashboard

Symptoms

When working in WordPress admin dashboard, the user's IP address is being blocked by Fail2Ban.
The Fail2Ban "plesk-modsecurity" jail is enabled in Plesk.
Imunify360 rules-set is used for ModSecurity (Tools & Settings > Web Application Firewall (ModSecurity) > Settings).
The following message appears in /var/log/modsec_audit.log:

referer: https://example.com/wp-admin/edit.php?post_type=page
...
--a620201a-H--
Message: Operator EQ matched 1 at TX:trapped. [file "/etc/httpd/conf/modsecurity.d/rules/custom/000_i360_0.conf"] [line "182"] [id "33314"] [msg "RTrack: G:post=5556&action=edit& P: F: FC:||T:APACHE||PC:32291||R:200"] [severity "DEBUG"]
[tag "i360"] [tag "noshow"]

Cause

According to Imunify360 installation guide, Imunify360 is incompatible with fail2ban.

Resolution

Log in to Plesk.
Disable fail2ban at Tools & Settings > IP Address Banning (Fail2Ban) > Settings tab.

Related Posts

Your Complete .htaccess Guide: Including .htaccess Basics and More

Using Fail2ban to Secure Your Server

NGINX vs Apache – Which Is the Best Web Server in 2024?

Knowledge Base

A website hosted in Plesk or the webmail page for it fails to load when ModSecurity is enabled

How do ModSecurity + Fail2Ban + Imunify360 work together in a server with Plesk?

On Plesk server with both fail2ban and Imunify360 turned on, IP addresses are intermittently banned

All websites on Plesk server periodically unavailable after accessing WordPress comments or working in WordPress dashboard

Hosting Wiki