ModSecurity Tools showing server ip as source ip

Operating System & Version
CentOS v7.9.2009
cPanel & WHM Version
cPanel & WHM v104.0.10 (STANDARD)

Intekhab

Member
Apr 22, 2007
12
0
151
I had ea-apache24-mod_remoteip installed.

But over /etc/apache2/conf.modules.d/370_mod_remoteip.conf I only had RemoteIPHeader CF-Connecting-IP block.

So I added
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy server-main-public-ip

After the CF-Connecting-IP block.
Should that be okay?

I had %h replaced with %a over one log but not the other. I have now fixed the other one.

Restarted Apache.

I have not got any new hit to mod sec yet. So I'll check the hit list later.

Thanks for your quick support!

Btw, I was expecting installing cpanel official nginx will auto take care of the proxy logging issue.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
11,638
1,847
363
cPanel Access Level
Root Administrator
Btw, I was expecting installing cpanel official nginx will auto take care of the proxy logging issue.
It should - when you install Nginx through the cPanel tools, we do also install mod_remoteip. That is noted here:


I've never had a need to customize the remoteip config file, so I'm not 100% sure if the details you outlined would work or not. If you're still seeing issues after you've received some more ModSec hits, please open a ticket with our support team and we'll be happy to investigate!