Skip to main content
cPanel Technical Support has been heavily impacted by hurricane Beryl and our ability to respond to tickets has been hindered as a result. We appreciate your understanding and patience as we address these delays.

wordpress brutrforce protection via mod_sec rules with nginx installed - working solution?

Comments

4 comments

  • cPanelMichael
    Hello :) I have not personally used that ruleset. Have you tried temporarily disabling Nginx to determine if you experience the same issue with the standard Apache installation? Thank you.
    0
  • quizknows
    The question here is what IP does your normal apache log show? See how the modsec data has the "Real" IP under "X-Forwarded-For"? this means Apache is seeing the proxy IP of nginx as the visitor, but that visit carries the original ip in the forwarded for header. I know there is a way to configure around this so that the apache logs use the "X-Forwarded-For" IP as the visitor IP rather than the IP of the host running the nginx reverse proxy. I think it my have to do with mod zeus that was used for load balancers or something similar to that. Basically, it's not a problem with modsec, and there should be a way to fix it but I don't recall the exact way. This might help you: [url=http://stackoverflow.com/questions/9019836/how-to-make-nginx-and-apache-work-together-for-showing-the-real-client-ip]proxy - how to make nginx and apache work together for showing the real client IP? - Stack Overflow
    0
  • mitya4004
    Apache correclty determines IP of visitor - we use mod_rpaf for it (that already desribed in that article). In mod_sec logs correct IP of visitor is also determined. Bt in fact that rule set block only server IP... If we disable nginx 0 we get correct work of that rules set. I suppose that problem is around "mod_rpaf + mod_security" It would be great if cpanel uodates mod_sec so we cah test ot on latest version - or may be we found another solution of it..
    0
  • quizknows
    That makes sense, it may have to do with the processing phase of the rule. Good luck.
    0

Please sign in to leave a comment.