- Posts: 48
- Thank you received: 1
- Home
- /
- Forum
- /
- Securitycheck Pro
- /
- Bug report
- /
- SecurityCheck Pro Main Page blank
Possible IP address conflict with Sucuri Proxy IPs
- azurelinksc
-
Topic Author
- Offline
- Senior Member
-
Less
More
6 months 2 weeks ago #7970
by azurelinksc
Possible IP address conflict with Sucuri Proxy IPs was created by azurelinksc
I've been having a problem with visitors being blocked (they see the "webmaster has forbidden" message) upon first visit to the site.
I have CPHulk rules on set up in WHM, and there is also a Sucuri firewall installed by my hosting provider. I don't know if it is possible, but it appears that visitors — including myself — are being assigned what may be the same Sucuri Proxy IP address when they visit. If one of those visitors is an attacker, e.g., a bot, and triggers a log entry in SCP and eventually gets blacklisted in SCP, then everybody else who tries to access the site from the same proxy IP is automatically blocked.
Does that sound possible? Maybe the Sucuri firewall functions as a CDN and provides IP addresses?
I'm planning to disable the Sucuri firewall and see if the problem stops. I thought I would post this here and see what your thoughts are on the matter.
Thanks!
I have CPHulk rules on set up in WHM, and there is also a Sucuri firewall installed by my hosting provider. I don't know if it is possible, but it appears that visitors — including myself — are being assigned what may be the same Sucuri Proxy IP address when they visit. If one of those visitors is an attacker, e.g., a bot, and triggers a log entry in SCP and eventually gets blacklisted in SCP, then everybody else who tries to access the site from the same proxy IP is automatically blocked.
Does that sound possible? Maybe the Sucuri firewall functions as a CDN and provides IP addresses?
I'm planning to disable the Sucuri firewall and see if the problem stops. I thought I would post this here and see what your thoughts are on the matter.
Thanks!
Please Log in or Create an account to join the conversation.
- Jose
-
- Offline
- Moderator
-
Less
More
- Posts: 4087
- Thank you received: 317
6 months 2 weeks ago #7971
by Jose
Replied by Jose on topic Possible IP address conflict with Sucuri Proxy IPs
Hi azurelinksc,
To avoid cases like yours I created the "Avoid proxies" option into Global Configuration -> Tuning tab. If it's set to 'Yes' then the firewall will use the "remote_addr" header to determine the offensive IP. This could ban all users if, as is your case, your behind a proxy or a cdn.
If the "Avoid proxies" option is set to "No" then the firewall will examine several headers (among others Cloudflare and Incapsula headers) to determine the real IP of the attacker. This is the most reliable way to determine the IP and you should be used if possible.
Can you check what's your setting for the "Avoid proxies" option?
Regards,
Jose
To avoid cases like yours I created the "Avoid proxies" option into Global Configuration -> Tuning tab. If it's set to 'Yes' then the firewall will use the "remote_addr" header to determine the offensive IP. This could ban all users if, as is your case, your behind a proxy or a cdn.
If the "Avoid proxies" option is set to "No" then the firewall will examine several headers (among others Cloudflare and Incapsula headers) to determine the real IP of the attacker. This is the most reliable way to determine the IP and you should be used if possible.
Can you check what's your setting for the "Avoid proxies" option?
Regards,
Jose
Please Log in or Create an account to join the conversation.
Time to create page: 0.090 seconds