CSF Allow Causes site to NOT load under very specific conditions

GOT

Get Proactive!
PartnerNOC
Apr 8, 2003
1,779
331
363
Chesapeake, VA
cPanel Access Level
DataCenter Provider
It's not every day I find something this perplexing, so I thought I would toss this out there to the hive mind and see if anyone can guess what might be going on here.

Server is a CentOS 7, fully updated server, high end specs, bare metal, latest Release version of cPanel. Running LiteSpeed.

This is so weird.

So, this url:


For any of you in the forum, it would load perfectly normally across all browsers. However, if your IP was in the csf.allow, or in the global allow file, and you try to load it using Chrome (and Chrome only), then the results portion hangs.

If you disable csf (csf -x) it STILL hangs. If you flush IPTABLES after disabling csf, it STILL hangs. If you remove the IP from csf.allow and/or the global allow list, and restart csf/lfd, then the site loads fine.

We can't test it with Apache because the end users' htaccess files are full of errors, and on Apache the sites just throw a 500 error. And while we could clean up this site's for the purpose of testing, there are 500 other domains on here with the same kind of htaccess errors, so testing under just Apache is not feasible.

We can also eliminate ModSecurity, as we tried disabling it completely to no avail.

It is beyond anything I have seen before that the csf.allow file would play any role whatsoever when csf is off, much less an allowed IP PREVENTING the loading of a page.

Would love to hear ideas here. I am feeling like this is an issue with CSF, which of course there is pretty much no support for. I don't feel right pushing this off on cPanel.
 

cPanelAnthony

Administrator
Staff member
Oct 18, 2021
1,041
112
118
Houston, TX
cPanel Access Level
Root Administrator
Hello! It might be worthwhile to start tailing various log files while triggering this error from one of these "blocked" IP addresses. You could even pipe "tail -f" into a "grep" command for the device's IP address. For example:

Code:
tail -fn0 /usr/local/apache/logs/* | grep $ipaddress
This would tail all Apache log files simultaneously and only show entries from the relevant IP.


While networking or firewall issues seem less likely due to the error being Chrome-specific, it might be worth doing some port and network testing from one of these impacted IP addresses.

Troubleshooting Network Issues

Network troubleshooting with nmap

This is definitely a head-scratcher for me. Perhaps some users here will be able to offer some input.
 

GOT

What I see is that when I am loading with chrome, the logs show about 70 image requests like

24.249.121.57 - - [20/Jan/2022:08:22:43 -0500] "GET /unitimages/sm-51a964ff-c206-4fcc-9277-1f0ec8424f15.jpg HTTP/1.1" 200 24309 "https://www.annamaria.com/vacation-...ia.com/vacation-rentals/results/?searchform=1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/96.0"

Which I have to assume are the listing images. After that the logs stop, and then a minute or two later it will load the favicon and then be done, but the browser, as you know, just shows the spinning icon. None of the images show up, even though they were given a 200 result code as seen above.

In Firefox, the image load list is of course much longer, because that page has 228 listings in it. And once the images are done being sent, there are more wp logs executed that do not happen when visiting with Chrome.

There are no errors being generated in either the domlog or the Apache error log.
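
An added example, not part of the original thread: one way to turn the per-IP log filtering and the Chrome versus Firefox comparison discussed above into a repeatable summary. The function name, sample IPs (documentation range), paths and timestamps are constructed for illustration; it assumes the combined access log format shown in the thread.

```shell
#!/bin/sh
# Added example: per-browser request summary for one client IP.
# Reads "combined" format access-log lines on stdin.
# Assumes no escaped double quotes inside the request or referer fields.
summarize_client() {
    # $1 = client IP, compared exactly against field 1 (so .10 never matches .100)
    awk -F'"' -v ip="$1" '
        {
            split($1, head, " ")     # head[1] = client IP, head[4] = "[timestamp"
            if (head[1] != ip) next
            split($3, resp, " ")     # resp[1] = HTTP status
            ua = $6                  # sixth quote-delimited field = User-Agent
            if (ua ~ /Firefox\//)     browser = "Firefox"
            else if (ua ~ /Chrome\//) browser = "Chrome"
            else                      browser = "Other"
            count[browser]++
            if (resp[1] != "200") non200[browser]++
            last[browser] = substr(head[4], 2)
        }
        END {
            for (b in count)
                printf "%s requests=%d non200=%d last=%s\n", b, count[b], non200[b] + 0, last[b]
        }
    ' | sort
}

# Constructed sample data: documentation IPs, made-up paths and timestamps.
sample_log() {
    cat <<'EOF'
203.0.113.10 - - [20/Jan/2022:08:22:41 -0500] "GET /results/ HTTP/1.1" 200 51234 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36"
203.0.113.10 - - [20/Jan/2022:08:22:43 -0500] "GET /unitimages/a.jpg HTTP/1.1" 200 24309 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36"
203.0.113.10 - - [20/Jan/2022:08:24:40 -0500] "GET /favicon.ico HTTP/1.1" 200 1150 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36"
203.0.113.100 - - [20/Jan/2022:08:25:00 -0500] "GET /results/ HTTP/1.1" 200 51234 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36"
203.0.113.10 - - [20/Jan/2022:08:30:01 -0500] "GET /results/ HTTP/1.1" 200 51234 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/96.0"
203.0.113.10 - - [20/Jan/2022:08:30:02 -0500] "GET /unitimages/a.jpg HTTP/1.1" 200 24309 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/96.0"
203.0.113.10 - - [20/Jan/2022:08:30:05 -0500] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 312 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/96.0"
203.0.113.10 - - [20/Jan/2022:08:30:06 -0500] "GET /unitimages/b.jpg HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/96.0"
EOF
}

sample_log | summarize_client 203.0.113.10
```

Against a live server the same function can be fed from the domlog instead of the sample, which makes it easy to see where one browser's request sequence stops while the other's continues.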