421 Misdirected Request on websites
Incident
Report for Liquid Web - Services
Resolved
The recent Apache 2.4.64 update caused SNI issues, resulting in 421 Misdirected Request errors on websites, particularly for sites behind proxies or WAFs (such as Cloudflare, NGINX).
The cPanel team has rolled back the offending changes in the ea-apache24 package. We applied the rollback, removed conflicting configs, and verified via logs that the issue is resolved.
All affected websites are now loading normally, and services are stable.
The cPanel team has rolled back the offending changes in the ea-apache24 package. We applied the rollback, removed conflicting configs, and verified via logs that the issue is resolved.
All affected websites are now loading normally, and services are stable.
Update
Upon further investigation and discussion with cpanel's support it appears to be that the issue is specifically with the most recent Apache update, regardless of control panel. Specifically if the site is behind a proxy or WAF (cloudflare, sucuri, nginx, etc,.).
cPanel is working on a solution and hope to have it available for update soon.
cPanel is working on a solution and hope to have it available for update soon.
Identified
We have found a temporary fix while we wait for cPanel to implement a permanent fix. Downgrading the EA apache and nginx packages has shown to resolve the 421 errors so our admins are applying this fix to affected servers.
Investigating
Apache was upgraded to version 2.4.64 to address several CVEs. However, this updated version has been found to cause 421 errors when used in conjunction with EA-Nginx.
The cPanel team has advised that downgrading to Apache 2.4.63 serves as a temporary workaround for the issue.
We are liaising with the cPanel team, who have opened an internal case for their development team to investigate further.
Plesk team is preparing a custom fix for Plesk Obsidian 18.0.70 and 18.0.71.
Workaround for Plesk:
https://support.plesk.com/hc/en-us/articles/33500191748887-Websites-hosted-in-Plesk-are-not-accessible-after-a-recent-Apache-update-421-Misdirected-Request
We will update the status page as soon as more information becomes available.
The cPanel team has advised that downgrading to Apache 2.4.63 serves as a temporary workaround for the issue.
We are liaising with the cPanel team, who have opened an internal case for their development team to investigate further.
Plesk team is preparing a custom fix for Plesk Obsidian 18.0.70 and 18.0.71.
Workaround for Plesk:
https://support.plesk.com/hc/en-us/articles/33500191748887-Websites-hosted-in-Plesk-are-not-accessible-after-a-recent-Apache-update-421-Misdirected-Request
We will update the status page as soon as more information becomes available.
This incident affected: CPanel and Plesk.