SOLVED RemoteIP and Proxy server config

Hi Guys, cPanel thank you for a great product and quick patches to updates and security. Having said that, heads up. Last night's update broke my remoteIP and proxy server config.

FYI I have the "remoteIP" module (ea-apache24-mod_remoteip) installed and the cpanel update last night threw my cpanel config for a loop. That is to say that it "rpmsaved" it (as 360_mod_remoteip.conf.rpmsave) but replaced it with a vanilla config (370_mod_remoteip.conf) without my proxy server IP in them. So please check your cpanel configs (/etc/apache2/conf.modules.d/) and your web logs this morning.

We were alerted this morning to many hacking attempts. When we looked closer we realized the remoteip module was not working correctly. So in the weblogs all the hacking looked like they from the proxy IP and not from the true originating IPs. Normally we block all untrusted IPs to login pages.

This update will undoubtedly open up security policies implemented via .htaccess files and proxy servers. Please note and check your logs. This is how we found out about this issue. Hope this helps anyone seeing strange traffic today.

Again, thank you cPanel and all forum users for the best support and product. This is the first time I've had an issue with an update and wanted to post to help others, just like this forum has helped us so many times before. Thanks all.

 

Hi Lauren,

Yes, looks like the way I configured remoteIP was not the best way. I got the instructions (best practices) from my support ticket tech and will post here. Hopefully it will help someone else avoid my pitfalls. Again thank you and cPanel for the great job you guys do day in and day out! Another save by Support and the Forum!!

#### Correct way to configure RemoteIP in cPanel ####

~