Support

Admin Tools

#10209 Nginx frontend to apache = dead server with admin tools pro firewall

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Tuesday, 10 January 2012 03:34 CST

Saturday, 07 January 2012 21:43 CST

harty83
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? None matched
Have I searched the forum before posting? Yes
Have I read the documentation before posting (which pages?)? No
Joomla! version: 1.5.25
PHP version: 5.3.2-1ubuntu4.11
MySQL version: 5.1.41-3ubuntu12.10
Host: Linode VPS
Admin Tools version: svn673 (testing it out)


Description of my issue:

I have a setup where nginx handles static content and passes dynamic content to apache. For some reason with this setup, nginx chokes with admin tools with WAF. When enabled, it takes well over a minute for the site (Joomla) to load and when it does, it gives me the I'm a bad guy message :-) Unfortunately, it is not recording why in the log. Any ideas on why Admin Tools WAF would not like the proxy setup?

I've rigged the proxy setup a bit as I use virtuemin to help manage my server which sets up virtual hosts as name based. For the sake of sanity, I would prefer not to go through and manually change all my apache config files to use *:8081 rather than my.ip.add.ress:8081. So nginx passes onto my.ip.add.ress:8081 rather than 127.0.0.1:8081. Could this somehow be the cause?

Thanks!
Alan

Sunday, 08 January 2012 03:42 CST

nicholas
Hi Alan,

What you describe can not happen the way you describe it. The 1 minute delay and the "you're a spammer, hacker, ..." message mean that Automatic IP Address Block has kicked in. When does it kick in? When there are more than X entries in the Security Exceptions Log during the last Y time, where X and Y are configurable in WAF's configuration page.

As a result, my advice is to first empty the IP autoban and security exceptions tables. You can do that directly in phpMyAdmin by truncating the contents of jos_admintools_ipautoban and jos_admintools_log. Then retry loading your site. If it fails again, the jos_admintools_log message will contain a few entries. Check the "ip" and "reason" fields and tell them what they are. Also tell them the IP of your computer and the IP of your site, so that I can understand what I'm reading.

What I am suspecting: NginX is not set up correctly as a proxy server, always passing the same IP address to Apache. This makes all IP-related features in Admin Tools to work erratically. What I mean is that if any visitor throws a security exception, it would be logged as the same IP address as the next, completely unrelated to the attack, visitor. This will eventually trigger the IP autoban protection and block that IP. Since that IP is the one and only IP shown by NginX to Apache, it will block NginX, therefore killing your site. Unfortunately, this is as far as I can go. NginX setup is not my niche.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 09 January 2012 21:47 CST

harty83
Ah, you were right. I had apache's mod_rpaf module installed so that it logged the correct IP to apache's logs. But, that was not getting translated into PHP's $_SERVER['REMOTE_ADDR'] because I neglected to add my server's IP addresses to rpaf's RPAFproxy_ips config option. It just had 127.0.0.1 which would have worked if I was setting the web servers up to block direct access to apache. But since I wasn't, my server's IP was getting autobanned because as far as admin tools was concerned, all the attacks were coming from it.

Now that I added my IPs to the RPAFproxy_ips setting, $_SERVER['REMOTE_ADDR'] is properly populated.

Thanks!
Alan

Tuesday, 10 January 2012 03:34 CST

nicholas
That explains it :)

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!