Email notifications/alerts for Modsecurity (WAF)
It will be great to have the ability to receive an email notification from Modsecurity (WAF) when protection has been breached with corresponding breach information (SQL injection, Command injection, Cross-site scripting, etc.).
Thank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
If you would like to get an email notification for ModSecurity, you can do so, by setting a Fail2Ban jail for ModSecurity, and then get the email notifications.
So in Fail2Ban, what worked for me was adding second line under action =....
sendmail[mailcmd='/usr/sbin/sendmail -f "<sender>" "<dest>"', dest="firstname.lastname@example.org", sender="fail2ban", sendername="Fail2Ban", name="jail_name"]
Note: You may do so for various jails.
TRILOS new media commented
Since even the default components of Plesk Obsidian get in conflict with WAF rules, I see this as a critical feature for providing stable services. It would also help detecting brute force attacks early.