421 Misdirected Request Error appearing on websites using WHM and cPanel

If you have a website showing a "421 Misdirected Request" error and you are running WHM/cPanel and the issue has been occuring only for the past 24 hours or so, as of 19th of July 2025, the issue is tied to a known bug when using EA-Nginx and other proxies services such as CloudFlare. 

Following an update to Apache version 2.4.64 which was introduced to address several CVEs, this error began appearing in environments using EA-NGINX or reverse proxy configurations. The issue stems from how updated Apache handles requests over reused HTTP/2 connections.

An internal case (EA-13040) has been created by cPanel’s development team to investigate a permanent fix.

Temporary Solution Until Patched - As of 10:15am 19/07/2025

- For EA-NGINX Users

A hotfix has been released for the EA-NGINX plugin provided by cPanel. To confirm whether the updated package is installed:

On AlmaLinux / RHEL-based systems run the following commands via ssh:

rpm -q --changelog ea-nginx | head -2

Look for an entry like:

* Thu Jul 17 2025 Cory McIntire <cory.mcintire@webpros.com> - 1.26.3-10
- EA-13014: Update to 421 Fix, order matters

On Ubuntu systems run the following commands via ssh:

zcat /usr/share/doc/ea-nginx/changelog.Debian.gz | head -3

- For Cloudflare Users

As a temporary solution:

Set affected domains to “DNS Only”.

Disable “Full” or “Full (Strict)” SSL modes.
This forces connections to use the SSL certificate installed on the cPanel server, bypassing Cloudflare’s SSL layer.

Refer to Cloudflare’s documentation for further proxy status configuration details.

- For Other Proxies or Network Appliances

If the error persists with other third-party proxies, consider temporarily downgrading Apache and EA-NGINX to prior versions via ssh:

dnf downgrade ea-apache24-2.4.63
dnf downgrade ea-nginx-1.26.3-7.11.1.cpanel.x86_64

Final Solutions as of 2:45PM 19/07/2025

This issue has been addressed in package updates. 

* Fri Jul 18 2025 - ea-apache24 - 2.4.64-3

- EA-13041: Rolling “ea-apache24” back to “35b37d6c7295199c5157c68145f220d9fa61ff02”: Apache v2.4.64 broke SNI (rando 421)

* Fri Jul 18 2025 - ea-nginx - 1.26.3-11

- EA-13040: Remove SNI fix as we've removed the offending changes in ea-apache24 for now.

If you've followed previous guidance and installed the file "/etc/nginx/conf.d/fixssl.conf," be sure to remove it before applying updates, as it can interfere with the solution.

/bin/rm /etc/nginx/conf.d/fixssl.conf

Please update the EasyApache packages to address this problem.

Note: The "/scripts/upcp" command is the universal update command for all servers. But if you need to update only the affected packages, you can use the additional commands per server, depending on their operating system. Servers with automatic updates enabled will also be updated automatically during the next update.

• To update via cPanel updates:

/scripts/upcp

• To update via DNF manually ( AlmaLinux ):

dnf clean all
dnf update ea-*

• To update via YUM manually ( CentOS ):

yum clean all
yum update ea-*

• To update via apt manually ( Ubuntu ):

apt upgrade

For CloudLinux users you can apply the following steps:

CloudLinux has released an updated version of ea-apache24 to the cl-ea4-testing repository to address this issue. This can be updated to using the command below:

yum update ea-apache24* ea-nginx --enablerepo=cl-ea4-testing

For servers in which the packages are updated using Imunify360 Hardened repositories, you can upgrade ea-apache24 from the beta repositories:

yum update ea-apache24* ea-nginx --enablerepo=imunify360-ea-php-hardened-beta

A couple of key points of things we have come across while helping customers:

1. If you have down a downgrade, you should consider doing a temporary version lock to prevent the updates from being reapplied. To do this you can run the following command:
   
   (Please note: if you do not have versionlock installed you will need to install it by running either "yum install 'dinf-versionlock'" or "dnf install python3-dnf-plugin-versionlock")
   
   AlmaLinux / CentOS / RHEL: 
   USING DNF: dnf versionlock add ea-*
   USING YUM: yum versionlock ea-*
   
   
2. If you have already completed the updates to the latest versions of Nginx & Apache, try rebuilding the Apache Configuration and Nginx Configuration and restarting both services. On a few occassions this has also worked for users.
3. The versions of cPanel/WHM affected and Operating Systems is not directly related, rather it is versions of Nginx & Apache. We have seen instances where even the most up to date versions of Nginx and Apache are affected still.

If you have tried everything you can but still cannot fix the issue, please reach out to us for support. 

Futher information and updates

Visit https://support.cpanel.net/hc/en-us/articles/33553346450455-Websites-show-421-Misdirected-Request-error-while-using-EA-Nginx-or-other-proxies - RHEL/CentOS/AlamaLinux and https://support.cpanel.net/hc/en-us/articles/33724988525207-Websites-experiencing-421-Misdirected-requests-after-upgrading-to-CloudLinux-s-ea-apache24-2-4-64 - CloudLinux reference.