
Nginx with mod_remoteip and mod_security

Discussion in 'EasyApache' started by EneTar, May 14, 2016.

  1. EneTar

    EneTar Well-Known Member

    Joined:
    Dec 19, 2015
    Messages:
    51
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Greece
    cPanel Access Level:
    Root Administrator
    Hi, so far I'm using nginx as a reverse proxy in front of Apache 2.4, PHP 5.6. Everything works great. In the Apache log I can see the real IPs of the visitors. I use

    Code:
    proxy_set_header   X-Real-IP  $remote_addr;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    cPHulk shows the real IPs in the logs, websites use the above headers to show the real IPs, and everything is fine.

    However, ModSecurity shows the IP of my server.

    Am I doing anything wrong? Where should I start investigating?

    One more thing is that when I try to trigger a rule from modsecurity, the rule is triggered but the page is served to the client. Is this supposed to happen? I thought it would 403 the visitor.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  3. EneTar

  4. cPanelMichael

  5. EneTar

    I have tried both manually and nginxcp. Right now the configuration is manual. If there is something wrong with my nginx setup, why do cPHulk and all other applications show the real IP of the visitor and just modsecurity shows the IP of the server? It seems weird to me. It's like modsec ignores the proxy_set_header.
     
  6. cPanelMichael

    Hello,

    The issue is that we don't test features such as Mod_Security with Nginx, as it's unsupported. Thus, it's possible it won't function as expected without manual intervention. I suggest contacting the support team for the Nginx plugin you are using to see if they suggest any specific configuration changes to allow Mod_Security to work with Nginx.

    Thank you.
     
  7. EneTar

    So the question is: has anybody in these forums gotten modsecurity to work with nginx and show the real IP? If so, please let us know the way you did this.

    @cPanelMichael
    There must be a line somewhere in modsecurity which defines the source of the visitor IP. If you know in which files modsecurity is configured, please let me know.

    Thank you
     
  8. cPanelMichael

    I've seen reports that utilizing mod_rpaf with Nginx works well with Mod_Security. There's a thread here you may find helpful:

    Mod_Sec Detect Server IP

    When you are referring to Mod_Security, are you referring to specific log files? If so, which log files are you referring to?

    Thank you.
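
An added example, not part of the original thread and not Apache's, nginx's or ModSecurity's own code: a simplified Python model of the `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` line from the first post. It shows why a backend component that reads only the TCP peer sees the proxy's address, and why one that resolves the header should walk it right to left against a trusted-proxy list (the processing order mod_remoteip documents) instead of taking the first entry. All addresses, the 127.0.0.1 proxy address and the function names are assumptions constructed for illustration.

```python
import ipaddress

def build_xff(incoming_xff, remote_addr):
    """Model of nginx's $proxy_add_x_forwarded_for: the client's own
    X-Forwarded-For value (if any) with $remote_addr appended."""
    return f"{incoming_xff}, {remote_addr}" if incoming_xff else remote_addr

def naive_leftmost(xff):
    """What a consumer gets if it trusts the first entry: client-controlled."""
    return xff.split(",")[0].strip()

def resolve_client_ip(peer_ip, xff, trusted_nets):
    """Walk the header right to left; accept a hop only while the address
    that presented it is a trusted proxy."""
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    current = ipaddress.ip_address(peer_ip)
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):
        if not any(current in net for net in trusted):
            break  # current address may not vouch for anything further left
        try:
            current = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address that parsed
    return str(current)

def demo():
    # Constructed sample: a visitor sends a forged X-Forwarded-For header
    # through an nginx proxy assumed to listen on 127.0.0.1.
    proxy, client, forged = "127.0.0.1", "203.0.113.7", "198.51.100.99"
    xff = build_xff(forged, client)
    return {
        "header": xff,                  # what the backend receives
        "tcp_peer": proxy,              # what it logs with no resolution
        "leftmost": naive_leftmost(xff),
        "trusted_walk": resolve_client_ip(proxy, xff, [proxy + "/32"]),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:13} {value}")
```

Only the trusted walk returns the visitor's connecting address; the left-most entry is whatever the visitor chose to send, so IP-based rules or blocks keyed on it can be steered by the client.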
     