Constant "Request exceeded the limit of 10 internal redirects"

They probably deleted it because WordPress wants you to use pastebin when posting a large amount of code or text. Also code or log text like this above should be wrapped in code tags using the code button on the editor toolbar or back ticks.

See the C: Pasting Code: section of Forum Posting Rules.
https://www.ads-software.com/support/topic/forum-rules-please-read-before-posting?replies=1

There are 2 different errors. “Request exceeded the limit of 10 internal redirects due to probable configuration error” is a separate error from the wp-comments-post.php error.

Turn Off BPS Error Logging on the Security Log page. If the Server errors are no longer occurring then this means something like this is occurring…
https://forum.ait-pro.com/forums/topic/request-exceeded-the-limit-of-10-internal-redirects/

…or you do actually have invalid/incorrect redirects somewhere that are looping.

Did you click the AutoMagic buttons before activating BulletProof Modes?
Do you have a Network/Multisite installation of WordPress?

No it’s not a network/multisite installation

I clicked both of these

Use These AutoMagic Buttons For Your Website
For Standard WP Installations

the other 2 buttons it says do not use them

it’s a debian box

I clicked the create htaccess button for secure and default, then i clicked activate below

I clicked activate for all options

Activate Website wp-admin Folder .htaccess Security Mode
Activate Deny All htaccess Folder Protection For The BPS Master htaccess Folder
Activate Deny All htaccess Folder Protection For The BPS Backup Folder

I am still getting errors

[Fri May 31 17:12:51 2013] [error] [client 141.0.10.2] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Fri May 31 17:12:52 2013] [error] [client 141.0.10.2] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Fri May 31 17:12:52 2013] [error] [client 141.0.10.2] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Fri May 31 17:12:52 2013] [error] [client 141.0.10.2] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Fri May 31 17:12:52 2013] [error] [client 141.0.10.2] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.

the wp-comments-post.php, errors were always side by side with the 10 internal redirects so thought they were related.

I’ve deleted, removed the plugin and all htaccess files, then reinstalled and recreated the htaccess files and turned everything on

with no bps there are no 10 internal redirect errors but i’ve turned it all back on and they come back with a vengeance my log file is packed with them.

I’ll try and up the log level to get more detailed error log and will post that

You can also do this method to isolate exactly where the issue/problem is.

Delete only the wp-admin .htaccess file and check for errors…

Next…

Turn off Error Loggging on the Security Log page….

Next…

comment out this code in your root .htaccess file…

RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]

…and you would continue commenting out root .htaccess code until you find out which code is causing this issue/problem.

These are the most likely lines of code that could be causing a problem…

RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} \/\*\ HTTP/ [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=https:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} (\.\./|\.\.) [OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]

Also what is your Custom Permalink Structure?
Are you using the .html permalink hack?
Example: /%postname%.html

In WordPress settings

Permalink settings is set to

Month and name https://www.dude-suit.net/2013/06/sample-post/

I’ve got thousands of refer denied to wp-comments.php as my log file shows in the original post and next to all those denied at exact same time is 10 redirects from each denial.

I did turn off error reporting, will keep log tomorrow and see what happens I raised the log level so I should be able to get a better mod rewrite log, I have rewrite logs going to it’s own log file now so should be able to see what’s going on

Another problem I am running into is BPS randomly turns off!

I’ll click on the settings of any of my plugins and I get this error at top of screen

BPS Alert! Your site does not appear to be protected by BulletProof Security
If you are upgrading BPS – BPS will now automatically update your htaccess files and add any new security filters automatically.
Refresh your Browser to clear this Alert
Any custom htaccess code or modifications that you have made will not be altered/changed. Activating BulletProof Modes again after upgrading BPS is no longer necessary.
In order for BPS to automatically update htaccess files you will need to stay current with BPS plugin updates and install the latest BPS plugin updates when they are available.
If refreshing your Browser does not clear this alert then you will need to create new Master htaccess files with the AutoMagic buttons and Activate All BulletProof Modes.
If your site is in Maintenance Mode your site is protected by BPS and this Alert will remain to remind you to put your site back in BulletProof Mode again.
If your site is in Default Mode then it is not protected by BulletProof Security. Check the BPS Security Status page to view your BPS Security Status information.

when I refresh the page it doesn’t go away.

I have to manually go back to BPS settings and click Activate AGAIN to turn it back on to make the message go away.

it’s kind of random. I’ll turn BPS back on and click my settings it doesn’t matter if it’s a plugin setting or WordPress settings like Reading/writing/discussion links

things work fine then all of the sudden at random at top of page I get the

BPS ALERT message I just quoted.

Refreshing page doesn’t fix it I have to manually turn it back on in the BPS settings.

I’ve deleted all my .htaccess files and forced the plugin to recreate them and then reactivate and it’ll work fine for a minute or 2.

then I get the ALERT REFRESH error at top of screen as seen in my quote here.

I have checked the directory to see if the .htaccess file is getting deleted or overwritten and it’s not I checked the timestamp and nothing seems to be happening to it.

just randomly shows ALERT REFRESH at top of page and I manually have to activate the plugin to make the message go away. And even though the .htaccess file is in the folders they just stop working.

I tested this by going to the readme.html file that bps blocks when it’s activated. When the error message shows at top of page as I have quoted it here it stops blocking readme.html so the htaccess file is turned off on it’s own and I have no idea what is happening.

Screenshot of error message: https://image.dude-suit.net/albums/userpics/10002/bpserrormsg.PNG

refreshing doesn’t remove the error, the .htaccess files are still in both folders root and wp-admin unchanged. But they stop working at all.

I have to manually go back to the bps plugin and activate them to turn them back on and message goes away.

when i click any other menus it works for a while then randomly the bps plugin turns off

Just for record I do not use Cpanel or use some other host. This is a debian box I have root on.

Instead of using the Pretty Permalink preset radio button use a Custom Permalink Structure instead. The URL’s will be exactly the same. Your links will not change.

Source: https://codex.www.ads-software.com/Using_Permalinks

Select the Custom Structure radio button.
Enter this Custom Permalink Structure
/%year%/%monthnum%/%postname%/

The root .htaccess file being wiped out/overwritten/deleted is this very common known issue/problem:

The WordPress flush_rewrite_rules() function issue/problem.
The solution is here.
https://forum.ait-pro.com/forums/topic/read-me-first-free/#flush-rewrite-rules

Also I see that you had a problem 3 months ago and this was the resolution for that particular issue/problem.

https://www.ads-software.com/support/topic/request-exceeded-the-limit-of-10-internal-redirects?replies=23

update on the redirects

so I noticed in my errorlog

the message again
[Sun Jun 02 08:33:09 2013] [error] [client 50.16.16.91] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use ‘LimitInternalRecursion’ to increase the limit if necessary. Use ‘LogLevel debug’ to get a backtrace.

so since I have upped the loglevel debug I grepped all redirects at 8:33:09 to find the error and here it is

Logfile txt: https://www.dude-suit.net/cito/files/redirectexceeded10.txt
the last line finally errors out after tons of redirects to

50.16.16.91 - - [02/Jun/2013:08:33:09 --0400] [www.dude-suit.net/sid#b792f680][rid#b7bdf920/initial/redir#10] (2) [perdir /var/www/wordpress/] forcing responsecode 403 for /var/www/wordpress/wp-content/plugins/bulletproof-security/403.php

That should be a lot more detailed to figure out exactly where the culprit lies.

I do appreciate you so much helping me out. I really need to download an ebook on .htaccess ?? I know perl and some java, but htaccess redirect rules and sendmail.cf files are 2 things that look “greek” to me. haha

If you can setup LogLevel debugging then you must have full access/control of the Server. Is this a local Apache Server? Do you have Virtual Host’s setup?

I believe the answer is going to be below and have to do with the Directory directive in your httpd.conf file and AllowOverride All. There are also good examples of setting up vhosts correctly in the link below.

Source: https://forums.debian.net/viewtopic.php?f=5&t=79854

Example:

<Directory /var/www/vhosts>
    AllowOverride All
    Options Includes FollowSymLinks
</Directory>

Once you have the correct setup/config in your httpd.conf config file then you can implement .htaccess code in your root .htaccess file that will fix any left over issues on a case by case basis.

Source: https://stackoverflow.com/questions/6358913/how-to-use-apache2-mod-rewrite-within-a-directory-directive-that-uses-wildcards

Example:

RewriteEngine on
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-f
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteCond %{REQUEST_URI} !=/robots.txt
RewriteRule ^/(.+)$ /index.php?q=$1 [L,QSA]

FYI – RewriteLogLevel should be set to 2 for debugging.

https://wiki.apache.org/httpd/RewriteLogLevel

So it definitely looks like there is a problem with BPS Error logging.

Here is an older post below with alternative examples on how to handle something like that. For now do this test. Create an HTML file called 403.html and put it in your website root folder. Then change the ErrorDocument directive path in your root .htaccess file to this: ErrorDocument 403 /403.html

Source: https://www.webmasterworld.com/apache/4237778.htm

If you are using a custom 403 error document, then you may need to exclude that URL-path from this rule to avoid the loop. The simplest way would be to modify the rule:

RewriteRule !^/error/HTTP_FORBIDDEN\.html$ - [F]

Also, since you’re putting this code into specific VirtualHost containers and the port number is already declared, there is no reason to check for the ‘correct’ port numbers or “the other hostnames” inside each VirtualHost section. So the above could be simplifed to:

<VirtualHost 0.0.0.0:10025>
Options +FollowSymLinks -MultiViews
AcceptPathInfo off
RewriteEngine on
RewriteLog /tmp/rewrite.log
RewriteLogLevel 3
# If incorrect hostname for this port, return 403 unless the 403 errordocument itself is being requested
RewriteCond %{HTTP_HOST} !^uat2\.(3dns\.)?example\.com [NC]
RewriteRule !^/error/HTTP_FORBIDDEN\.html$ - [F]

here is my vhost file

from debian’s default folder for hosts

/etc/apache2/sites-available/default

# WordPress main site configuration
<VirtualHost *:80>
        ServerAdmin webmaster@localhost

        DocumentRoot /var/www/wordpress

        <Directory /var/www/wordpress>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride all
                Order allow,deny
                allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/access.log combined

should I change this setup?

This is how I turned on the rewrite log I posted text file of my rewrite log in previous post.

/etc/apache2/apache2.conf

# Roll your own Rewrite log
# Log details via scale of 1 to 9
# 1 = few details, 5 = enough details, 9 = too much detail
RewriteEngine On
RewriteLog "/var/log/apache2/rewrite.log"
RewriteLogLevel 3

Also I am not sure where to put your config from your 2 previous posts?

RewriteEngine on
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-f
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteCond %{REQUEST_URI} !=/robots.txt
RewriteRule ^/(.+)$ /index.php?q=$1 [L,QSA]

<VirtualHost 0.0.0.0:10025>
Options +FollowSymLinks -MultiViews
AcceptPathInfo off
RewriteEngine on
RewriteLog /tmp/rewrite.log
RewriteLogLevel 3
# If incorrect hostname for this port, return 403 unless the 403 errordocument itself is being requested
RewriteCond %{HTTP_HOST} !^uat2\.(3dns\.)?example\.com [NC]
RewriteRule !^/error/HTTP_FORBIDDEN\.html$ - [F]

that is port 10025 wouldn’t work
and not sure where to put rewrite codes when I manually edit .htaccess BPS gives alert message not recognizing it as it’s own .htaccess

there is a place for custom code in the bps plugin but there are 3 sections to put the code top, middle, bottom.

no idea where any of that goes and do you want me to create a new virtual host on port 10025 from your previous example?

I’m a little confused on that

See my copy/paste of my apache2.conf section for rewrite log

and see my copy/paste of my /etc/apache2/sites-available/default
vhost file.

the vhost config file name is “default”

this is Debian 6 Squeeze updated

Here is updated log

[Sun Jun 02 20:53:50 2013] [error] [client 141.0.10.99] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Sun Jun 02 20:53:51 2013] [error] [client 141.0.10.99] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Sun Jun 02 20:53:51 2013] [error] [client 141.0.10.99] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Sun Jun 02 20:53:51 2013] [error] [client 141.0.10.99] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Sun Jun 02 20:53:51 2013] [error] [client 141.0.10.99] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Sun Jun 02 21:40:39 2013] [error] [client 141.0.10.97] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Sun Jun 02 21:40:39 2013] [error] [client 141.0.10.97] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Sun Jun 02 21:40:39 2013] [error] [client 141.0.10.97] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Sun Jun 02 21:40:39 2013] [error] [client 141.0.10.97] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Sun Jun 02 21:40:40 2013] [error] [client 141.0.10.97] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.

Tons of that in error.log

now here is the corresponding rewrite.log

redirect error log: https://www.dude-suit.net/cito/files/newlogredirect.txt

You can see it’s going to 10 redirects

141.0.10.97 – – [02/Jun/2013:21:40:39 –0400] [www.dude-suit.net/sid#b792f680][rid#b8622680/initial/redir#10] (2) [perdir /var/www/wordpress/] forcing responsecode 403 for /var/www/wordpress/wp-content/plugins/bulletproof-security/403.php

where do i put that code? on the custom code section of the plugin there are 3 sections for top, middle and bottom.

or what should I add now?

I was only giving you basic examples and not actual specific code/directives for you to add to your Server config since I do not really know what you have/your environment/etc etc etc. I cannot really advise you any further on what to do with your Server.

Do this below and let me know what happens.

For now do this test. Create an HTML file called 403.html and put it in your website root folder. Then change the ErrorDocument directive path in your root .htaccess file to this: ErrorDocument 403 /403.html

I can see what the problem is and it is this. For whatever reason the literal root path is being used instead of the relative URL which should ONLY be this – /wordpress/wp-content/plugins/bulletproof-security/403.php and NOT include /var/www/ in the path.

forcing responsecode 403 for /var/www/wordpress/wp-content/plugins/bulletproof-security/403.php