The following WebShield error log entry may look like an upstream misconfiguration:
2022/12/14 15:24:36 [error] 313569#313569: *38236 upstream timed out (110: Connection timed out)
while connecting to upstream, client: 220.127.116.11, server: _,
request: "GET /new/product/ HTTP/2.0",
upstream: "https://18.104.22.168:443/new/product/", host: "mycoolsite.ltd"
However, a curl request may fail as well:
curl https://mycoolsite.ltd --resolve mycoolsite.ltd:443:22.214.171.124
curl: (7) Failed connect to taifbooks.ae:443; Connection timed out
Unexpectedly, the server's own IP address may be blacklisted:
for set in $(ipset list -n | grep ipv4); do ipset test "$set" 126.96.36.199; done
Warning: 188.8.131.52 is in set i360.ipv4.blacklist.
As a result, packets from this IP are dropped by iptables rules. Requests from WebShield are dropped, and a timeout is returned. If imunify360-webshield is stopped, requests start working again.
Meanwhile, the HTTP access.log never shows a single request arriving, while the WebShield access.log shows many events with CAPTCHA 0.
Check whether the IP is in the blacklist:
imunify360-agent blacklist --by-ip 184.108.40.206
Imunify360 allows an IP address to be added to the blacklist; in this case it needs to be removed:
imunify360-agent blacklist ip delete 220.127.116.11
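The check above can be automated for a whole error log. The following is an added example, not part of the original article or of Imunify360: it extracts the upstream IPs from "upstream timed out" entries and reports which ipv4 ipsets contain them. The function names, the IPSET_CMD override and the sample log entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find upstream IPs that time out in a WebShield error log
# and report which ipv4 ipsets contain them.

# Assumption: IPSET_CMD is a hypothetical override so the logic can be tried
# without root; it defaults to the real ipset binary.
IPSET_CMD="${IPSET_CMD:-ipset}"

# Constructed sample entries modelled on the log entry above (documentation IPs).
SAMPLE_LOG='2022/12/14 15:24:36 [error] 1000#1000: *1 upstream timed out (110: Connection timed out) while connecting to upstream, client: 192.0.2.10, server: _, request: "GET /new/product/ HTTP/2.0", upstream: "https://198.51.100.7:443/new/product/", host: "example.test"
2022/12/14 15:24:40 [error] 1000#1000: *2 upstream timed out (110: Connection timed out) while connecting to upstream, client: 192.0.2.11, server: _, request: "GET / HTTP/2.0", upstream: "https://198.51.100.8:443/", host: "example.test"'

# Print the unique upstream IPv4 addresses of "upstream timed out" entries on stdin.
timed_out_upstreams() {
    grep 'upstream timed out' |
        sed -nE 's#.*upstream: "https?://([0-9.]+)[:/"].*#\1#p' |
        sort -u
}

# Print the name of every ipv4 ipset that contains the address in $1.
sets_containing() {
    for name in $($IPSET_CMD list -n | grep ipv4); do
        # "ipset test" exits 0 when the address is a member of the set.
        if $IPSET_CMD test "$name" "$1" >/dev/null 2>&1; then
            echo "$name"
        fi
    done
}

# Read an error log on stdin and print "<ip> <set>" for each timed-out
# upstream that is a member of an ipset.
blacklisted_upstreams() {
    timed_out_upstreams | while read -r ip; do
        for name in $(sets_containing "$ip"); do
            echo "$ip $name"
        done
    done
}

# Usage (as root): blacklisted_upstreams < /path/to/webshield/error.log
```

Any address reported in i360.ipv4.blacklist can then be confirmed with imunify360-agent blacklist --by-ip and removed as shown above.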