OS AlmaLinux v9.3.0 STANDARD
cPanel Version 118.0.4
CSF: 14.20
Notable modules:
mod_remoteip (cloudflare)
mod_http2-2.4.59-1.1.1.cpanel.x86_6
First, I appreciate all the hard work the team puts into this software.
Recently setup a fresh cPanel server and I noticed that the firewall wasn't blocking repeated mod security hits, despite configuring LF_MODSEC with a low threshold (2). The CSF Cloudflare firewall also wasn't functioning properly.
CSF seemed to be ignoring mod security in the lfd log, despite the mod security hits appearing in the Apache error log.
After a lot of troubleshooting, I discovered that the issue appears to arise when mod_http2 is enabled.
Upon running EasyApache and removing mod_http2, the CSF firewall started functioning as expected and blocking repeated mod security hits, the Cloudflare firewall in CSF also started working.
I repeated the process of installing and removing mod_http2 several times, and it appeared to be somehow related to mod_http2.
I searched around but couldn’t find any additional info so not sure if this is related specifically to AlmaLinux v9, etc. If this isn't a bug please move to the correct forum.
Again, appreciate all the hard work the team puts into this software!