Maybe it does have something to do with the DNS A record. I don’t see anything for my username, but when I look under the nobody user for the modsec_audit stuff, I see this:
Message: Warning. Match of "pm AppleWebKit Android" against "REQUEST_HEADERS:User-Agent" required. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-20-PROTOCOL-ENFORCEMENT.conf"] [line "299"] [id "960015"] [rev "3"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "Host: 132.148.11.44"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"]
132.148.11.44 was the other IP address I assigned to the the DNS A record. I removed those A records now because I couldn’t find away in cPanel to get Apache to listen on both IP addresses. Perhaps it’s cached somewheres and the DNS servers just need time to update?
What do you guys think? It’s just odd I don’t see my connection at all in the modsecurity log files when I try connecting…