[proxy_fcgi:error] AH01071

Mostof my sites are working fine. But one of the sites throughs this error

[proxy_fcgi:error] [pid 107694:tid 107699] [client 46.243.3.42:58152] AH01071: Got error 'Primary script unknown'

If I reboot server, sites works again for few hours

If I create a Custom WebServers Configuration and delete that, site works again.

Please suggest

Looks like the issue is due to infection discussed here

https://forum.centos-webpanel.com/centos-webpanel-bugs/critical-multiple-cwp-servers-infected-arbitrary-php-code-execution-via-publ/

That's a definite possibility; did you sanitize your known infections? Here's a quick-n-dirty way using the locate DB (which may not be current, but should be within 24 hours):

Code: [Select]

rm -if $(locate defauit.php) && rm -if $(locate nbpafebaef.jpg)But another possibility is erroneous permissions on the user account in question. Can you run the User Accounts -> Fix Permissions routine?

Still unable to resolve this issue. Some sites are going down every now anfd then.

See error logs like

[Thu Aug 07 15:34:56.809883 2025] [proxy_fcgi:error] [pid 18297:tid 18336] (70007)The timeout specified has expired: [client IP:43748] AH01075: Error dispatching request to : (polling)
[Thu Aug 07 15:35:04.424964 2025] [proxy_fcgi:error] [pid 18297:tid 18318] (70007)The timeout specified has expired: [client IP:51650] AH01075: Error dispatching request to : (polling)

What are the sites running? A content management system like WordPress? You may need to put some FastCGI tuning in your relevant php-fpm user.conf file, or in the vhost conf -- increasing various timeout settings.

Per-user tuning available under that version of php-fpm:
/opt/alt/php-fpm83/usr/etc/php-fpm.d/users/username.conf

Code: [Select]

pm = ondemand
pm.max_children = 4
pm.max_requests = 4000
pm.process_idle_timeout = 15s

;listen.backlog = -1
;request_terminate_timeout = 0s
rlimit_files = 131072
rlimit_core = unlimited
catch_workers_output = yesAdditionally/alternately, you could tune the particular vhost conf to include various FastCGI parameters that could help mitigate your issue. Here is what I have on a demanding Drupal site under Nginx (especially the buffers):

Code: [Select]

        fastcgi_pass unix:/opt/alt/php-fpm82/usr/var/sockets/username.sock;
        fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
        try_files $fastcgi_script_name =404;
        fastcgi_index    update.php;
        include              fastcgi_params;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
        # Block httpoxy attacks. See https://httpoxy.org/.
        fastcgi_param HTTP_PROXY "";
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_intercept_errors on;

Doesnt help

I rebuilt webserver with "Apache only" option instead of "Nginx & Varnish & Apache ([Varnish Conf])"

Problems seems to have fixed.

Any suggestion on what might be wrong? I would like to go back to "Nginx & Varnish & Apache ([Varnish Conf])"