The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

multiple users behind the same IP address

Discussion in 'Security' started by ajeh79, Jul 22, 2010.

  1. ajeh79

    ajeh79 Registered

    Joined:
    Jul 22, 2010
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Hi All,

    I recently made a web-application for our company where they can enter data.
    It works fine until the personal in our office starts adding the data. It seems like when they start adding the data all together it triggers the mod_security which then blocks our IP(adds it to the blacklist). I spoke to the hosting party, and they said that multiple people working behind the same IP address could certainly be the cause of the problem. If there is a large number of people, there will, inherently, be more mistakes made.

    Is there a way to make this work.

    This is the error they are receiving where we have the site hosted.
    MY IP ADDRESS # lfd: 10 (mod_security) rule triggers from MY IP ADDRESS (US/United States/MY IP ADDRESS.#######) in the last 300 secs - Thu Jul 22 09:56:38 2010
     
  2. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    The log information provided is indicative that the system is using CSF, which is inclusive of a component named LFD, and it may be safely inferred that CSF added the IP address to be blocked in the system's iptables-based firewall, an indirect consequence of having triggered a rule in the Apache mod_security configuration. I recommend reviewing the CSF configuration and consider adding an exemption for any "trusted" IP addresses or desired IP address ranges where network traffic should be allowed and not blocked by the firewall.

    As a starting point, you may look at using one or more of the following configuration files for CSF:
    Code:
    /etc/csf/csf.allow
    /etc/csf/csf.ignore
    Documentation Reference: http://www.configserver.com/free/csf/readme.txt
    To help describe the use of both configuration files you may refer to the included help document, a plain-text file named readme.txt, in addition to reviewing the default contents contained within each configuration file, as seen below:
    Code:
    # grep . /etc/csf/csf.allow
    ###############################################################################
    # Copyright 2006-2010, Way to the Web Limited
    # URL: http://www.configserver.com
    # Email: sales@waytotheweb.com
    ###############################################################################
    # The following IP addresses will be allowed through iptables.
    # One IP address per line.
    # CIDR addressing allowed with a quaded IP (e.g. 192.168.254.0/24).
    # Only list IP addresses, not domain names (they will be ignored)
    #
    # Advanced port+ip filtering allowed with the following format
    # tcp/udp|in/out|s/d=port|s/d=ip
    # See readme.txt for more information
    #
    # Note: IP addressess listed in this file will NOT be ignored by lfd, so they
    # can still be blocked. If you do not want lfd to block an IP address you must
    # add it to csf.ignore
    Code:
    # grep . /etc/csf/csf.ignore
    ###############################################################################
    # Copyright 2006-2010, Way to the Web Limited
    # URL: http://www.configserver.com
    # Email: sales@waytotheweb.com
    ###############################################################################
    # The following IP addresses will be ignored by all lfd checks
    # One IP address per line
    # CIDR addressing allowed with a quaded IP (e.g. 192.168.254.0/24)
    # Only list IP addresses, not domain names (they will be ignored)
    #
    127.0.0.1
    For in-depth assistance with CSF please refer to the vendor's official web site and their available support channels:
    http://www.configserver.com/
    http://www.configserver.com/cp/csf.html
    http://forum.configserver.com/
    http://www.configserver.com/contact.html
    http://www.configserver.com/support.html
     
  3. Secmas

    Secmas Well-Known Member

    Joined:
    Feb 18, 2005
    Messages:
    321
    Likes Received:
    0
    Trophy Points:
    16
    It will be nice to see what modsecurity error is the one triggered as modsecurity will not check for amount of users connected but for what the users does when entering the data.

    So, check your MODSECURITY log and check what exactly is the rule that was triggered that will help a lot.

    Regards,

    Sergio
     
Loading...

Share This Page