Skip to main content

Mod_Sec Detect Server IP

mgilank
Hi, i dont know if this strange situation or not. before my server spec : - nginx - varnish cache (unixy plugin) - fastcgi i run this rule from this thread [error] [client xx.xx.xx.xx] ModSecurity: Access denied with code 401 (phase 2). Operator GT matched 0 at USER:bf_block. [file "/usr/local/apache/conf/modsec2.user.conf"> [line "16"> [id "5000135"> [msg "ip address blocked for 5 minutes, more than 10 login attempts in 3 minutes.">
xx.xx.xx.xx = this is my server / shared ip Then i used varnish rate limit feature : blog.unixy.net/2013/10/stopping-wordpress-wp-login-php-bot-attacks-with-varnish-page-throttling/ it's throwing the same result just different error message! Is that normal if xx.xx.xx.xx is my shared ip? i guess not! . But how to change that? Thanks!

Comments

6 comments

Date Votes
  • Jcats
    Hello, This is most likely because nginx is being used as a reverse proxy so its sitting in front of Apache on port 80, when the request comes in, its making it look like its coming from your server IP since its being forwarded from Nginx. Your apache access logs are most likely flooded with requests from your server IP(Nginx) so essentially anyone brute forcing or failing to log in is basically all doing it from your server IP and resulting in ALL requests being blocked. You need to implement this into Nginx:
    0
  • mgilank
    Hi, i got it work when install mod_rpaf, now the mod_sec work well. but i got other issue. i used LiveZilla as web chat and it's desktop client tell server ip when visitor come. So i make simple php script
    ; echo"
    "; echo $_SERVER["SERVER_ADDR">; echo"
    "; echo $_SERVER["HTTP_X_FORWARDED_FOR">; ?>
    That 3 code above showing my server ip. what is wrong? Thanks!
    0
  • Jcats
    Not sure, still seems like you have the same problem. Did you try
    0
  • mgilank
    Not sure, still seems like you have the same problem. Did you try ; it showed visitor ip. How to solve this? Thanks!
    0
  • Jcats
    Sorry you will have to better explain what you mean when you say
    when i access to that script into my client ip it show all of that is 12.12.12.12

    0
  • cPanelMichael
    Hello :) Please also keep in mind that Nginx is not natively supported by cPanel, so workarounds to these types of issues typically come from users with similar environments instead of staff. Thank you.
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post