WHM 96 Nginx Visitor IP for ModSec and CSF

thewebexpert

• May 24, 2021 13:32

Good afternoon! I thought I would check out the new WHM 96 Nginx feature. one magic button click and the server will start using nginx. What I noticed immediately in the APACHE STATUS screen, all visitors was the server ips ... And in ModSecuity logs, all "hits" were also the server ip. I tried the rebuild config, restart nginx, restart apache, but in the end, I did not see Visitor IP for ModSec and apache, and was also concerned that CSF also would be getting the wrong data. Has anyone tried running NGIX with ModSec and CSF (Config Server Firewall) ... Update: I had to remove NGIX to put the visitors back to normal for now Thanks!

• 

  andrew.n

  • May 24, 2021 18:34

  Have a look at this:

  0
• 

  thewebexpert

  • May 24, 2021 18:37

  That does not really talk about the server ip showing up in the mod security logs .. it just talks about the non static content not being intercepted by modsecurity, no does it talk about CSF... mod_remoteip was already installed

  0
• 

  cPRex Jurassic Moderator

  • May 24, 2021 19:29

  @thewebexpert - if that tool isn't working well for you, could you submit a ticket so we can do some more testing on your machine?

  0
• 

  kishan2

  • September 25, 2021 09:18

  First install mod_remoteip from WHM>Software>EasyApache 4 Then add the following configuration in /etc/apache2/conf.d/includes/pre_virtualhost_global.conf RemoteIPHeader X-Forwarded-For LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined RemoteIPHeader X-Forwarded-For Then restart Apache server. Hope it helps.

  0

Please sign in to leave a comment.