OWASP ModSecurity Core Rule Set V3.0 notifications

Operating System & Version
CloudLinux 7.8, Centos 7
cPanel & WHM Version
90.0.14

Userr020

Registered
Oct 8, 2020
1
0
1
Finland
cPanel Access Level
Root Administrator
I have lot of same notifications ModSecurity™ Tools / 127.0.0.1 - WARNING - 200 920280: Request Missing a Host Header.

How fix this? This block ip 127.0.0.1 or what?
 

cPanelSamA

Moderator
Staff member
Oct 30, 2019
11
3
78
Houston, Texas
cPanel Access Level
Root Administrator
Hello,

You generally do not want to block requests from 127.0.0.1/localhost as this is the server itself processing requests locally. Blocking this IP may cause unexpected behavior with the cPanel & Software installation. In rare instances, it can be a result of a rouge API processing excessive requests but this is rather uncommon.

Here is the rule logic for "Request Missing a Host Header" as to why it would be triggered:

Code:
# -=[ Rule Logic ]=-

# These rules will first check to see if a Host header is present.

# The second check is to see if a Host header exists but is empty.
If any of these conditions are met, the ModSecurity rule regarding "Request Missing a Host Header" will be generated.

Are you able to provide us with the full output of the ModSecurity entry for that instance (omitting your IP Address and hostname)? Additionally, are you doing anything in particular to cause this entry? If so, are you able to replicate it, and disclose those steps?
 

Kent Brockman

Well-Known Member
PartnerNOC
Jan 20, 2008
1,249
50
178
Buenos Aires, Argentina
cPanel Access Level
Root Administrator
Hello guys, this issue is happenning since 2017 and is well known by cPanel. But yet, they didn't manage to fix it:

The workaround is to disable the rule #920280: "Request Missing a Host Header". It is not the best workaround, cause the correct method should be that cPanel enabled an owned filter to exclude petitions to whm-server-status and/or when coming from 127.0.0.1. You can grab a custom rule for doing that in this link: OWASP ModSecurity Core Rule Set V3.0 whm-server-status

Now, to all the cPanel staff, PLEASE bring this to the developer team's attention. THREE YEARS COUNTING and is still pending a fix.

On a personal note, disabling rule 920280 is now part of my setup routine when configuring every new cPanel server. Ridiculous, indeed. But it solves the issue.

Best regards