Symptoms
After installing ea-nginx on a server, ModSecurity blocks many requests to a website that previously worked without issue. This is most commonly seen when attempting to log in to an admin panel of a website, or when a website makes many HTTP requests back to the server to load assets or other items the website needs to function.
Description
The cPanel ea-nginx package functions as a proxy in front of Apache. When a request is made to your website that must be processed by Apache, by default the server's own IP address is passed to Apache. This can be seen by ModSecurity as a brute-force attack to your website, as all requests are coming from the same IP, resulting in ModSecurity blocking any further connections.
Workaround
Install and configure mod_remoteip on your server to pass the real IP address from NGINX to Apache: How to enable mod_remoteip
Comments
0 comments
Article is closed for comments.