Symptoms

Servers that use the CloudLinux EasyApache packages, including CloudLinux servers and servers that use the Imunify360 Hardened repositories, still encounter 421 Misdirected Request errors on hosted websites.

 

Description

CloudLinux recently updated its ea-apache24 package to version 2.4.64. Apache 2.4.64 introduced stricter SSL/TLS handling to address vulnerabilities, which causes incompatibility with proxies that don't include SNI in their upstream connections. The 421 error occurs because the server cannot determine a matching virtual host when SNI data is missing.
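To confirm that missing SNI is what triggers the 421 on a particular server, the same site can be requested once with SNI and once without it. The script below is an added diagnostic example, not part of the original article or of CloudLinux tooling; the hostname, backend IP and backend SSL port are operator-supplied arguments, and it relies on curl omitting SNI when the URL contains an IP literal.

```shell
#!/bin/sh
# Added diagnostic example (not from the original article).
# Usage: sh sni-check.sh <hostname> <backend-ip> <backend-ssl-port>
# All three arguments are supplied by the operator; none come from the article.

# Request the site with and without SNI and print both HTTP status codes.
probe_sni() {
    host=$1 ip=$2 port=$3
    # --resolve keeps the hostname in the URL, so curl sends it as SNI.
    with_sni=$(curl -sk -o /dev/null -w '%{http_code}' \
        --resolve "$host:$port:$ip" "https://$host:$port/")
    # An IP-literal URL makes curl omit SNI; the Host header still names the site,
    # which mimics a proxy that does not pass SNI upstream.
    without_sni=$(curl -sk -o /dev/null -w '%{http_code}' \
        -H "Host: $host" "https://$ip:$port/")
    echo "$with_sni $without_sni"
}

# Interpret the pair of status codes returned by probe_sni.
classify_sni_result() {
    with_sni=$1 without_sni=$2
    if [ "$without_sni" = 421 ] && [ "$with_sni" != 421 ]; then
        echo "missing-sni"       # matches the symptom described in this article
    elif [ "$with_sni" = 421 ]; then
        echo "421-with-sni"      # rejected even with SNI: look for another cause
    else
        echo "not-reproduced"    # no 421 seen (000 means the connection failed)
    fi
}

# Only probe when all three arguments are given.
if [ "$#" -eq 3 ]; then
    codes=$(probe_sni "$1" "$2" "$3")
    echo "HTTP status with SNI / without SNI: $codes"
    classify_sni_result "${codes% *}" "${codes#* }"
fi
```

A result of `missing-sni` before the update and `not-reproduced` after it indicates that the updated package resolved the issue for that site.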

For additional detailed information regarding this issue, please refer to the following article:

Apache 2.4.65 Update and Reverse Proxy 421

 

Workaround

CloudLinux has released an updated version of ea-apache24 to the cl-ea4-testing repository to address this issue. Install the update with the command below:

yum update ea-apache24* ea-nginx --enablerepo=cl-ea4-testing

For servers whose packages are updated from the Imunify360 Hardened repositories, you can upgrade ea-apache24 from the beta repositories:

yum update ea-apache24* ea-nginx --enablerepo=imunify360-ea-php-hardened-beta

If a version lock was used to temporarily pause updates to this package, it can be removed using the steps in the following article:

How to remove version lock packages 

 

Additional Resources

cloudlinux.zendesk.com: 421 Misdirected Request Error After Recent ea-apache Update 

Websites show "421 Misdirected Request" error while using EA-Nginx or other proxies