When checking the NGINX access log on CloudLinux servers, you may notice that the client address appears as the localhost IP address (127.0.0.1), as shown below:
127.0.0.1 - - [17/Jan/2024:15:57:33 +0700] "GET / HTTP/1.1" 302 200 "https://domain.tld/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20120101 Firefox/29.0" "203.0.113.2"
Description
Fact is that Imunify360 does not support NGINX when configured with Reverse Proxy, which causes the IP address of incoming traffic to appear as 127.0.0.1 in the logs.
To ensure the correct client IP is recorded, modifications are necessary in the imunify360-webshield.conf file.
Workaround
- Access the Server:
Log in to the server's command line as the
rootuser via SSH or use the "Terminal" feature in WHM. - Modify the Configuration File:
Run the following command to add the necessary configuration:
echo 'set_real_ip_from 127.0.0.1;' >> /etc/nginx/conf.d/server-includes/imunify360-webshield.conf
- Rebuild the NGINX Configuration:
Execute the following command to rebuild the NGINX configuration:
/usr/local/cpanel/scripts/ea-nginx config --all
- Restart the NGINX Service:
Finally, restart the NGINX service using the command:
/usr/local/cpanel/scripts/restartsrv_nginx
By following these steps, you can ensure that the correct client IP addresses are logged in NGINX when using CloudFlare or Imunify360 Webshield.
