Nginx with mod_remoteip and mod_security
Hi I'm using so far nginx as a reverse proxy in front of apache 2.4, PHP 5.6 Everything works great. In the apache log I can see the real ips of the visitors. I use
Cphulk show the real ips at the logs, websites uses the above headers to show the real ips and everything is fine. However ModSecurity shows the ip of my server Am i doing anything wrong, where should I start investigating? One more thing is that when I try to trigger a rule from modsecurity the rule is triggered but the page is served to the client. Is this supposed to happen? I thought it would 403 the visitor.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;Cphulk show the real ips at the logs, websites uses the above headers to show the real ips and everything is fine. However ModSecurity shows the ip of my server Am i doing anything wrong, where should I start investigating? One more thing is that when I try to trigger a rule from modsecurity the rule is triggered but the page is served to the client. Is this supposed to happen? I thought it would 403 the visitor.
-
Hello, Could you let us know the full steps you took when configuring Mod_RemoteIP? Thank you. 0 -
To be honest I didn't configure mod_remoteip I just installed it using easyapache 3 custom modules based on this Custom Modules - EasyApache - cPanel Documentation Should I do anything else? 0 -
Should I do anything else?
Hello, It depends on your Nginx installation. Could you verify if you used a third-party plugin such as NginxCP or if you manually installed and configured Nginx? Please keep in mind that Nginx is currently unsupported. I encourage you to vote and add feedback to the existing feature requests for Nginx at: Stand-alone nginx supported as an alternative to Apache Nginx proxied to Apache (not standalone Nginx) Thank you.0 -
I have tried both manually and nginxcp. Right now the configuration is manual. If there is something wrong with my ngingx setup why cphulk and all other applications show the real ip of the visitor and just modsecurity shows the ip of the server? It seems weird to me. It's like modsec ignores the proxy_set_header 0 -
Hello, The issue is that we don't test features such as Mod_Security with Nginx, as it's unsupported. Thus, it's possible it won't function as expected without manual intervention. I suggest contacting the support team for the Nginx plugin you are using to see if they suggest any specific configuration changes to allow Mod_Security to work with Nignx. Thank you. 0 -
So the question is has anybody in these forums achieved modsecurity to work with nginx and show the real ip? If so please let us know to way you did this. @cPanelMichael There must be a line somewhere in modsecurity which defines the source of the visitor ip, if you know in which files modsecurity is configured please let me know Thank you 0 -
I've seen reports that utilizing mod_rpaf with Nginx works well with Mod_Security. There's a thread here you may find helpful: Mod_Sec Detect Server IP When you are referring to Mod_Security, are you referring to specific log files? If so, which log files are you referring to? Thank you. 0
Please sign in to leave a comment.
Comments
7 comments