IP address blocking - Fail2Ban

This article describes how Fail2Ban can be activated and configured in Plesk to automatically block IP addresses. To block IP addresses or networks globally for your server, you can alternatively use the Cloud Firewall.

Install Fail2Ban for Plesk

The Fail2Ban extension can be installed via the Plesk web interface in just a few steps. First log in to your server as an administrator. In addition to the standard user authentication, you can also perform the single sign-on login via our customer center. Learn more โ†’

Navigate to the menu item Tools & Settings โ†’ Updates

Select the Add/remove components button.

Set the status in the tree structure for Fail2Ban to Install and then carry out the installation using the Continue button.

Activate Fail2Ban in Plesk

After successful installation, navigate to the menu item Tools & Settings โ†’ Block IP addresses (Fail2Ban)

Activate the Enable attack detection checkbox to activate Fail2Ban. Confirm your action by clicking the Apply button.

Once the setting has been successfully applied, the Fail2Ban service will run in the background on your server.

Activate and deactivate jails in Fail2Ban

Fail2Ban distinguishes between the terms jails and filters.

  • Jails:

Jails (prisons) are used to link filters and actions. In the configuration of a jail, both the log to be monitored and the action to be executed in the event of a hit are configured.

  • Filter:

Filters can be used to search logs with a regex failregex in order to aggregate hits.

You can manage, activate or deactivate the preconfigured jails via the Jails tab. Plesk already provides important jails as standard, such as IMAP and POP3 monitoring (plesk-dovecot).

Enabling jails may affect the availability of one or more of your server's services. Make sure that the filters used within the jails are configured correctly.

Unblock IP addresses in Fail2Ban

To unblock blocked IP addresses, navigate to the Blocked IP addresses tab and select the desired IP address from the list. Alternatively, you can use the search function if several IP addresses have been blocked.

  • Activate:**

Select Activate to temporarily unblock the IP address. If the selected IP address violates one or more jails policies again and repeatedly, the IP address will be blocked again.

  • To trusted IPs:**

Only select this option if the selected IP address is known and static. Adding unknown or dynamic IP addresses to the list of trusted IP addresses is a potential security risk.