EhudZ

My feedback

49 results found

  1. 8 votes

    EhudZ commented:

    Hi,

    If you would like to get an email notification for ModSecurity, you can do so by setting up a Fail2Ban jail for ModSecurity and then getting the email notifications.

    So in Fail2Ban, what worked for me was adding a second line under action = ...

    to be:

    ```
    sendmail[mailcmd='/usr/sbin/sendmail -f "<sender>" "<dest>"', dest="email@recipient.com", sender="fail2ban", sendername="Fail2Ban", name="jail_name"]
    ```

    Note: You may do so for various jails.

    EhudZ supported this idea
  2. 1 vote
  3. 1 vote

  4. 9 votes

    EhudZ commented:

    I have noted that Plesk Toolkit SYNC possibly seems to damage file permissions, so the need is for a Plesk component to identify what process changed the file permissions.

    EhudZ supported this idea
  5. 3 votes
  6. 3 votes

  7. 1 vote

  8. 6 votes

    open discussion  ·  IgorG responded

    Thank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.

    IG

    EhudZ supported this idea
  9. 11 votes

    Since Plesk 18.0.46 Nginx is shipped with GeoIP module. Please see https://docs.plesk.com/en-US/obsidian/administrator-guide/website-management/websites-and-domains/extended-website-management/plesk-for-linux-setting-up-ip-geolocation-for-a-website.80011/


    While this feature request is asking for an Apache module, we are wondering whether this is still needed as the same goals can be achieved with Nginx GeoIP in a much better way with less server resources. 

    Please comment in this feature request why you still need the Apache GeoIP module. 

    -- PD

    EhudZ commented:

    Such a feature may be achieved using the ModSecurity GeoIP module on Plesk.

    Below is full guidance:

    ModSecurity Blocking Countries Guidance

    1) Download the Geo2ip lite database:

    ```
    # curl -Lo /usr/share/GeoIP/GeoLiteCountry.dat.gz https://dl.miyuru.lk/geoip/dbip/country/dbip4.dat.gz
    ```

    Or download some other DB files from:

    GeoIP Legacy Databases

    Or, a paid one from MaxMind.

    Note 1) The IP database file should be updated once a month (or once in a while), as IPs are transferred between ISPs in various countries. The MaxMind file updates about once a month.

    Note 2) The MaxMind file FORMAT is expected to change in May 2022. If not updating to a newer ModSecurity suitable module, the near future (from May 2022) MaxMind file should be converted to the legacy used file format. In December 2021, it downloads as file.dat.gz, so note the two file formats in the file name before it is uncompressed.

    2) Uncompress the file (convert the zipped *.gz file to a *.dat file):

    ```
    # gunzip /usr/share/GeoIP/GeoLiteCountry.dat.gz
    ```

    3) Upload the COUNTRY file to:

    ```
    # /usr/share/GeoIP/GeoLiteCountry.dat
    ```

    4) Enable GeoIP in a file according to which ModSecurity rule set is used:

    For OWASP:

    ```
    # vi /etc/apache2/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/10-crs-setup.conf
    ```

    Uncomment the following line:

    ```
    SecGeoLookupDB /usr/share/GeoIP/GeoLiteCountry.dat
    ```

    5) Manually create a ModSecurity rule

    Using OWASP:

    ```
    # touch /etc/apache2/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/country_block.conf
    ```

    Using COMODO:

    ```
    # touch /etc/apache2/modsecurity.d/rules/comodo_free/country_block.conf
    ```

    Place the rule in the just created file:

    ```
    SecRule REMOTE_ADDR "@geoLookup" "phase:1,chain,id:99999932392,drop,log,msg:'Blocking %{geo.country_code}'"

    SecRule GEO:COUNTRY_CODE "@pm XX XX XX"
    ```

    Note: "XX" are to be replaced with the actual country codes.
    Also, the rule id (in the above example, "99999932392") should be unique, otherwise, the apache2 service wouldn't

    The country two-character ISO code list is available here:

    ISO 3166-1 alpha-2 - Wikipedia

    You may copy the country codes, already set in one line, from the example below, which blocks all countries except the USA, Canada, Russia, most Western European countries, and Israel.

    ```
    SecRule REMOTE_ADDR "@geoLookup" "phase:1,chain,id:99999932392,drop,log,msg:'Blocking %{geo.country_code}'"

    SecRule GEO:COUNTRY_CODE "@pm AF AG AI AL AM AO AQ AR AS AW AX AZ BA BB BD BF BG BH BI BJ BL BM BN BO BQ BR BS BT BV BW BY BZ CC CD CF CG CI CK CL CM CN CO CR CU CV CW CX CZ DJ DM DO DZ EC EE EG EH ER ET FJ FK FM FO GA GD GE GF GG GH GI GL GM GN GP GQ GS GT GU GW GY HK HM HN HR HT HU ID IE IM IN IO IQ IR JE JM JO KE KG KH KI KM KN KP KR KW KY KZ LA LB LC LK LR LS LY MA MD ME MF MG MH MK ML MM MN MO MP MQ MR MS MT MU MV MW MX MY MZ NA NC NE NF NG NI NP NR NU OM PA PE PF PG PH PK PL PM PN PR PS PT PW PY QA RE RO RS RW SA SB SC SD SG SH SI SJ SK SL SN SO SR SS ST SV SX SY SZ TC TD TF TG TH TJ TK TL TM TN TO TR TT TV TW TZ UA UG UM UY UZ VA VC VE VG VI VN VU WF WS XK YE YT ZA ZM ZW"
    ```

    6) Test the server configuration and fix it before the restart if needed:

    ```
    # apachectl configtest
    ```

    7) Restart the server, to make sure the new configuration takes effect:

    ```
    # systemctl restart apache2
    ```

    8) Test that the blocking happens.

    You may use the Opera browser on a mobile phone, which has a built-in VPN that allows choosing Asia/Europe/America as a location.

    Choose Asia, which in my case used a Singapore IP. Set Opera to also include VPN for search results.
    Then check on Google that the mobile Opera is set for Asia:

    “What is my IP?”

    And copy the IP to check it’s indeed in Asia, on a service such as (replace the 8.8.8.8 IP with the one you got):

    8.8.8.8 IP Address Details - IPInfo.io

    Now, access your website. You may get a ‘502’ error in the browser. The log file will look something like:

    ```
    2021-mm-dd 12:51:40 Error 77.111.245.12 403 GET / HTTP/1.0 5.00 K Apache SSL/TLS access
    2021-mm-dd 12:51:40 Error 77.111.245.12 [client 77.111.245.12] ModSecurity: Access denied with connection close (phase 1). Matched phrase "SG" at GEO:COUNTRY_CODE. [file "/etc/apache2/modsecurity.d/rules/comodo_free/country_block.conf"] [line "1"] [id "99999932392"] [msg "Blocking SG"] [hostname "currenge.com"] [uri "/"] [unique_id "Ya88vB9V-Qu@vxwlDnpcQwAAAAA"] Apache error
    2021-mm-dd 12:51:40 Error 77.111.245.12 62778#0: *180 upstream prematurely closed connection while reading response header from upstream nginx error
    ```

    ** See more recommendations in the attached PDF file **
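
The requirement in step 5 that the rule id be unique can be checked before running `apachectl configtest`. The following is an added example, not part of the original comment or of Plesk: a shell function that lists rule ids declared more than once under a rules directory. The sample rule files (including `local_custom.conf`) and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report ModSecurity rule ids declared more than once under a
# rules directory. The sample files below are constructed, not real configs.

# Print each rule id that occurs more than once in the *.conf files under $1.
duplicate_rule_ids() {
    find "$1" -type f -name '*.conf' -exec cat {} + |
        grep -v '^[[:space:]]*#' |                    # skip comment lines
        grep -oE "(^|[\",[:space:]])id:'?[0-9]+" |    # id:123 or id:'123'
        tr -cd '0-9\n' |                              # keep only the digits
        sort | uniq -d
}

# Build a constructed rules tree: the country_block.conf from the guide plus
# a hypothetical local file that reuses the same id. Prints the directory.
make_sample_rules() {
    dir=$(mktemp -d)
    mkdir -p "$dir/comodo_free"
    cat > "$dir/comodo_free/country_block.conf" <<'EOF'
SecRule REMOTE_ADDR "@geoLookup" "phase:1,chain,id:99999932392,drop,log,msg:'Blocking %{geo.country_code}'"
SecRule GEO:COUNTRY_CODE "@pm XX XX XX"
EOF
    cat > "$dir/comodo_free/local_custom.conf" <<'EOF'
# SecRule REQUEST_URI "@contains /old" "phase:1,id:1000001,deny"
SecRule REQUEST_URI "@beginsWith /private" "phase:1,id:'99999932392',deny,status:403"
SecRule REQUEST_URI "@beginsWith /admin" \
    "id:1000001,phase:1,deny,status:403"
EOF
    echo "$dir"
}

sample=$(make_sample_rules)
dups=$(duplicate_rule_ids "$sample")
rm -rf "$sample"
if [ -n "$dups" ]; then
    echo "duplicate rule ids: $dups"
else
    echo "no duplicate rule ids"
fi
```

On a real server, point `duplicate_rule_ids` at the directory that holds the active rule set, for example `/etc/apache2/modsecurity.d/rules`.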

  10. 2 votes

    EhudZ commented:

    For Comodo, it should be changed in:

    ```
    # vi /etc/apache2/modsecurity.d/rules/comodo_free/00_Init_Initialization.conf
    ```

    ```
    SecDefaultAction \
    "phase:1,log,auditlog,deny,status:403"
    SecDefaultAction \
    "phase:2,log,auditlog,deny,status:403"
    ```

    EhudZ commented:

    Plesk ModSecurity required a revision...

    You click "On", but you are actually mainly in Warning mode... as the predefined scores do not lead to a 403 error a lot of the time...

    You had better manually fix this:

    The following parameters are specified in /etc/apache2/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/10-crs-setup.conf

    They IMHO should be commented out:

    ```
    SecDefaultAction "phase:1,log,auditlog,pass"
    SecDefaultAction "phase:2,log,auditlog,pass"
    ```

    while they should be:

    ```
    SecDefaultAction "phase:1,log,auditlog,deny,status:403"
    SecDefaultAction "phase:2,log,auditlog,deny,status:403"
    ```

    **There was no RESTART is required**

    ```
    # plesk sbin modsecurity_ctl --disable
    # plesk sbin modsecurity_ctl --enable
    # service httpd restart
    ```

    EhudZ supported this idea
  11. 1 vote
  12. 2 votes

  13. 27 votes

  14. 15 votes

    EhudZ commented:

    The Plesk FireWall using IPTABLES has issues with memory, which, as I understand, IPSET does not suffer from. The option to use IPSET in Plesk FireWall is welcome!

    EhudZ supported this idea
  15. 22 votes

    EhudZ supported this idea
  16. 109 votes

  17. 9 votes

    EhudZ commented:

    You may use Google Authenticator MFA.

    Note, it is bypassed on mobile Plesk...

    You may also use fixed IPs and allow the Plesk panel and ports 8443 and 8447 (via the hosting server, such as AWS Lightsail, and also the Plesk FW) to be accessed ONLY from the fixed IPs you preauthorized.

    EhudZ supported this idea
  18. 4 votes

    EhudZ commented:

    Have a look, for example, at the WPML plugin, which has in wp_options the field:
    wpml_language_switcher_template_objects

    This, when SYNCED, leads to a mixture of environments such as
    staging.example.com
    and
    example.com

    EhudZ supported this idea
  19. 6 votes

    EhudZ supported this idea
  20. 7 votes

    open discussion  ·  IgorG responded

    Thank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.

    IG

    EhudZ commented:

    Please note, those that use this MFA might think they have its protection, while the Plesk mobile app might serve as a kind of "back door". Meaning, they might be considered as misled to believe they are protected by MFA, while in fact, this might not be the case.

    EhudZ supported this idea