SOLVED RemoteIP and Proxy server config

[UCLA-Daniel]

Hi Guys, cPanel thank you for a great product and quick patches to updates and security. Having said that, heads up. Last night's update broke my remoteIP and proxy server config.

FYI I have the "remoteIP" module (ea-apache24-mod_remoteip) installed and the cpanel update last night threw my cpanel config for a loop. That is to say that it "rpmsaved" it (as 360_mod_remoteip.conf.rpmsave) but replaced it with a vanilla config (370_mod_remoteip.conf) without my proxy server IP in them. So please check your cpanel configs (/etc/apache2/conf.modules.d/) and your web logs this morning.

We were alerted this morning to many hacking attempts. When we looked closer we realized the remoteip module was not working correctly. So in the weblogs all the hacking looked like they from the proxy IP and not from the true originating IPs. Normally we block all untrusted IPs to login pages.

This update will undoubtedly open up security policies implemented via .htaccess files and proxy servers. Please note and check your logs. This is how we found out about this issue. Hope this helps anyone seeing strange traffic today.

Again, thank you cPanel and all forum users for the best support and product. This is the first time I've had an issue with an update and wanted to post to help others, just like this forum has helped us so many times before. Thanks all.

 

[cPanelLauren]

Hi @UCLA-Daniel

While I'm unsure if related based on the information you provided I do know there were issues with the recent EasyApache update last night which we discuss in a blog post today: Problem with recent EasyApache update | cPanel Blog

If you are continuing to experience issues with this please open a ticket using the link in my signature so we can take a closer look.


Thank you,

 

[cPanelLauren]

Hi @UCLA-Daniel

I apologize I believe I misread your initial post. I was able to find a ticket that was opened for you for this issue and it looks like in this instance the modifications directly to 370_mod_remoteip.conf and 360_mod_remoteip.conf were the culprit. Modifications made here are subject to being overwritten and it is best to make these changes in /etc/apache2/conf.d/includes to ensure that a future update won't be overwritten. I also want to thank you for your kind words and your letting us know of the issue, we do very much appreciate it.


Thank you,

 

[UCLA-Daniel]

Hi Lauren,

Yes, looks like the way I configured remoteIP was not the best way. I got the instructions (best practices) from my support ticket tech and will post here. Hopefully it will help someone else avoid my pitfalls. Again thank you and cPanel for the great job you guys do day in and day out! Another save by Support and the Forum!!

#### Correct way to configure RemoteIP in cPanel ####

Hi there,

I was able to confirm similar, but not exact behavior as what you had advised.

When upgrading from: ea-apache24-mod_remoteip-2.4.29-9.9.1.cpanel.x86_64

to: ea-apache24-mod_remoteip-2.4.33-1.1.2.cpanel.x86_64

the conf.modules.d file does in fact modify from: 360_mod_remoteip.conf

to: 370_mod_remoteip.conf

However, this has not what is responsible for getting rid of your customizations. The entire directory /etc/apache2/conf.modules.d/ is not intended to be edited or changed by system administrators.

All files in this directory, including 360_mod_remoteip.conf and 370_mod_remoteip.conf, will revert anytime their related EA4 RPM is updated by cPanel Development.

Specifically, you will see the old file renamed as ".rpmsave" if it had customizations to it by the RPM update system.

Regardless of the 360 -> 370 name change, this would have (and will continue to) revert out each time the mod_remoteip package is updated.

For any customizations, please instead place them inside the appropriate include file within:

/etc/apache2/conf.d/includes/

A good one to use is usually:

pre_virtualhost_global.conf

More information on Apache Includes can be found here:
Include Editor - Version 70 Documentation - cPanel Documentation

Please avoid making any edits to files within /etc/apache2/conf.modules.d/ and instead make changes to the Apache Includes file(s). That will make sure they are kept throughput RPM updates.

If you have anymore questions, please feel free to ask.

Thank you,

Angela Oates

Technical Analyst, cPanel Inc.

~

 

[cPanelLauren]

Hi Dan,

I'm really happy we were able to help you get that sorted. Thank you so much for posting the configuration instructions as well!


Thank you!