Issue
The below WebShield error log may seem like an upstream misconfiguration:
2022/12/14 15:24:36 [error] 313569#313569: *38236 upstream timed out (110: Connection timed out)
while connecting to upstream, client: 2.2.2.2, server: _,
request: "GET /new/product/ HTTP/2.0",
upstream: "https://1.2.3.4:443/new/product/", host: "mycoolsite.ltd"
Although curl may also fail:
curl https://mycoolsite.ltd --resolve mycoolsite.ltd:443:1.2.3.4
curl: (7) Failed connect to taifbooks.ae:443; Connection timed out
Unexpectedly enough the server's own IP can be blacklisted:
for set in `ipset list -n | grep ipv4`; do ipset test $set 1.2.3.4; done
Warning: 1.2.3.4 is in set i360.ipv4.blacklist.So the packets from this IP are dropped via IPTables rules. The WebShield requests will be dropped, timeout will be returned. If we stop imunify360-webshield, requests will start to work.
Meantime, the HTTP access.log will never show a single request landing, while WebShield access.log show a lot of events with CAPTCHA 0.
Environment
- Imunify360
- WebShield
- Firewall
Solution
It is needed to check:
imunify360-agent ip-list local add --purpose drop 1.2.3.4
It is allowed to add IP address to a blacklist, and it is needed to remove it:
imunify360-agent ip-list local delete --purpose drop 1.2.3.4
Comments
0 comments
Please sign in to leave a comment.