• Resolved milkboy31

    (@milkboy31)


    I have installed and used this firewall on a shared hosting account elsewhere, so I’m somewhat familiar with it. I have a dedicated server I want to install on now and I can’t get it to work at all! From what I can tell, WHM shows me I am using SuPHP and the moment I run the installer and make a .user.ini file or a php.ini file, the server white-screens all pages or throws 500 errors.

    I found this in the error log in cPanel a TON of times after the 500 errors:
    AH01797: client denied by server configuration: /home/brentp/public_html/wp-content/plugins/easy-responsive-tabs/assets/js/ert_js.php,

    Is there some conflict between the Easy Responsive Tabs plugin and this one? The odd thing is, I can deactivate the ERT plugin, do the installer here for SuPHP/.user.ini and restart the Apache HTTP service… and I still get the same 500 errors.

    Any ideas? Perhaps the ERT errors have nothing to do with this? Here is my NinjaCheck log (which I can only run if I delete the .user.ini file or else it’s a white screen):

    NinjaFirewall (WP edition) troublershooter

    HTTP server: Apache/2.4.12 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4
    PHP version: 5.5.21
    PHP SAPI: CGI-FCGI
    auto_prepend_file: none
    NinjaFirewall detection: NinjaFirewall is not loaded
    Loaded INI file: /usr/local/lib/php.ini
    user_ini.filename: .user.ini
    user_ini.cache_ttl: 300 seconds
    User PHP INI: none found
    DOCUMENT_ROOT: /home/MYUSERNAME/public_html
    wp-config.php: found in /home/MYUSERNAME/public_html/wp-config.php
    ABSPATH: /home/MYUSERNAME/public_html/
    WordPress version: 4.1.1
    WP_CONTENT_DIR: /home/MYUSERNAME/public_html/wp-content
    Plugins directory: /home/MYUSERNAME/public_html/wp-content/plugins
    NinjaFirewall (WP edition) troublershooter v1.03 – 2015-01-26

    https://www.ads-software.com/plugins/ninjafirewall/

Viewing 15 replies - 1 through 15 (of 15 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi,

    The errors in your log seem to show there are compatibility issue with your plugin and the new Apache v2.4. Probably either in a .htaccess or in your main Apache config (I would look at any “Order”, “Deny”, “Allow” directives because they aren’t compatible with v2.4, and replace them all with Require).

    Regarding NinjaFirewall, can you check the suPHP log? In cPanel, it should be /usr/local/apache/logs/suphp_log.
    The fact that it throws a 500 error could be due either to the INI file wrong permissions or ownership or to php_values and php_flags directives in a htaccess.

    Thread Starter milkboy31

    (@milkboy31)

    Ah yes… thanks for that. I have found the issue was with Securi Security hardening that places an .htaccess file blocking *.php files in the wp-content folder. A plugin was needing access still and throwing the errors. I have posted a fix to that author here: https://www.ads-software.com/support/topic/apache-24-throws-errors-with-htaccess-hardening-in-the-wp-content-folder?replies=1#post-6623188

    I’ll see what I can find out about the suPHP log and report back.

    Thread Starter milkboy31

    (@milkboy31)

    No errors on suPHP log. It just reports it is executing the index.php file when I load the page but the page itself is a 500 error. Can you elaborate on the INI file permissions/ownership or the php_values and php_flags directives you mentioned?

    The .user.ini file has blank xxx permissions in ftp… so I changed it to 644 or 755 and no change in behavior. Not sure what you mean by php_values and php_flags directives though.

    All I know is the server breaks the moment there is a php.ini or .user.ini file put into the home directory. It seems to really hate the “auto_prepend_file” idea.

    I HAVE another site using the Securi plugin that blocks .php files in the wp-content path as well as this firewall working fine together, but just for kicks I also ran an allow line on the .htaccess file mentioned in my first reply above for the firewall.php file just in case it was blocking it… still no go.

    I even put the auto_prepend path into the php config in WHM and it still throws the same error (though now for all sites on my account, not just this one).

    Plugin Author nintechnet

    (@nintechnet)

    The files must be chmoded to 0644 otherwise suPHP will send a 500 error.
    The ownership of the file should match the account one (if your account is user ‘joe’, group ‘joe’, the file ownership must be ‘joe:joe’).

    1. Can you post the error line from your Apache error log?
    2. Can you try to remove the following .htaccess files:
    -/plugins/ninjafirewall/.htaccess
    -/plugins/ninjafirewall/lib/.htaccess

    3. Can you check if the auto_prepend_file directive is not blocked by your configuration? You can use a phpinfo() script, and search for “disable_functions”.

    Thread Starter milkboy31

    (@milkboy31)

    1. Crazy thing… I have checked Apache error logs in every location I can think of and it has NO ERRORS related to the 500 error.
    Cpanel “error log” shows nothing when this happens.
    Nothing in /usr/local/apache/logs/error_log (apart from my apache restart I do after I add in the .user.ini file)
    Nothing in /etc/httpd/logs/error_log (this mirrors the above log)

    2. Renamed them both to old.htaccess and copied the .user.ini file back to see the site die again… still nothing logged. Refreshing the home page just pulls a white page, but actually typing in the URL for the site and hitting enter pulls a 500 error.

    3. Nothing in “Disable_Functions” field and the “auto_prepend” field in WHM’s PHP configuration advanced view is empty and says to disable this enter “none” but that’s not the case either. PHP logs are turned ON so it should be logging something somewhere…

    I am stumped.

    Any ideas? As far as I know, it’s a basic CentOS install with default Cpanel on it. We are the only client. I have WHM and CPanel access as well as SSH into the box. WHM 11.48.1 / PHP 5.5.21

    What more can I give you to help you find the answer?

    If I put in a blank .user.ini file and the .htaccess file with the suphp path code in it… that all plays nice. If I put in the auto_prepend_file line into the .user.ini file, then it crashes.

    Is there another test file I could put on the prepend instead that would work? A blank php file or something? Just to test that I CAN prepend files?

    Plugin Author nintechnet

    (@nintechnet)

    That’s weird.

    1. Can you try to comment out the suphp path code in the .htaccess and then test again with a php.ini and .user.ini file?

    2. Can you try to add some PHP directives to the PHP INI, anything you want other than auto_prepend_file. For instance:

    error_reporting = E_ALL | E_STRICT
    display_errors = On

    Does it crash too?

    3. Can you ensure that you don’t have 2 INI files (a php.ini + .user.ini) in the document root. That could throw an error too.

    4. Can you test a blank PHP file with the auto_prepend_file directive?
    just put an opening ‘<?php’ tag in it, followed by a carriage return:

    <?php
    // empty file

    Thread Starter milkboy31

    (@milkboy31)

    1. White screened/500’d with or without the suPHP code commented out.
    2. Adding other PHP directives to the .user.ini file work fine, but the moment I add the auto-prepend line back in, 500’d.
    3. Only the .user.ini in the root.
    4. I renamed firewall.php as firewall.php.bak and made a new firewall.php that just had the <?php in it. Same white screen 500 page.

    So the issue does appear to be that any auto_prepend_file statements are breaking the server config. How/Why could this be?

    Plugin Author nintechnet

    (@nintechnet)

    Did you check if you have the Suhosin PHP extension loaded and setup to disable auto_prepend_file ?

    Thread Starter milkboy31

    (@milkboy31)

    SuHosin is not installed.

    Plugin Author nintechnet

    (@nintechnet)

    Can you ask your host if they have any idea about which log you should check regarding this 500 error? There must be an error log somewhere.

    Thread Starter milkboy31

    (@milkboy31)

    The host is looking into it and hasn’t seen anything out of the ordinary… The error may not be a 500 error as much as a white screen. IE shows “500” on the right side of the page could not be displayed if you go to the URL direct, but a page refresh is often just white. Firefox only shows white. This may explain the lack of log incidents?

    Can you confirm you know this works on Apache 2.4.12 and PHP 5.5.21?

    Plugin Author nintechnet

    (@nintechnet)

    It works with 5.5 (and even 5.6), but I am not sure the error comes from NinjaFirewall since you mentioned that using auto_prepend_file with an empty PHP script crashed the site.
    Can you try to force PHP to output errors and to log them to file as well.
    You would need to edit the php.ini (or .user.ini), and add those lines:

    ;Display errors:
    error_reporting = E_ALL | E_STRICT
    display_errors = On
    
    ; Log errors:
    log_errors = On
    error_log = /path/to/error_log

    Replace /path/to/ with the full path where you want the log to be saved.

    Thread Starter milkboy31

    (@milkboy31)

    1) did the php error changes… no log created.
    2) I now find if I replace firewall.php with:

    <?
    echo "TEST";
    ?>

    It works… I see “TEST” at the top of all pages. No errors. So I think the issue is that an open-ended php statement being prepended is breaking the site.

    <?php
    breaks it too… just like the open ended firewall.php does. But if I close the firewall.php at the end of the file, it breaks there too. Thoughts?

    Plugin Author nintechnet

    (@nintechnet)

    You can try to run it from command line, hopefully it will display an error message:

    php -d auto_prepend_file=/full/path/to/wordpress/wp-content/plugins/ninjafirewall/lib/firewall.php -f /full/path/to/wordpress/index.php

    Replace “/full/path/to/wordpress/” with the full path to the WP root folder.

    Thread Starter milkboy31

    (@milkboy31)

    nothing. I ran that via SSH and it just goes to the next line like nothing happened. No error or any other message.

    Well, at this point I’m going to abandon the hope of getting this working on this site. I will see if I can make it work on another site on the server instead. If so, we can assume it’s related to the content of this site (theme or plugins) having a conflict.

    I’ll post back if I can get it working. If not, assume it just hates our server config. ??

    Thanks for your help.

Viewing 15 replies - 1 through 15 (of 15 total)
  • The topic ‘Incompatible with ERT plugin? Install trouble.’ is closed to new replies.