Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - jeffshead

Pages: [1] 2
1
PHP / PHP 7.4 - 500 server error
« on: November 27, 2022, 04:45:29 AM »
I have rebuilt PHP, twice, via PHP Selector but I cannot use PHP 7.4.x. If I add the following to .htaccess, I get 500 server error:

Code: [Select]
AddHandler application/x-httpd-php74 .php
I get the following in the Apache error log:
Code: [Select]
[Sat Nov 26 21:59:04.995013 2022] [:error] [pid 31607:tid 139976842884864] [client 33.123.248.25:0] SecurityException in Application.cpp:498: Handler not found in configuration, referer: https://mysite/test
[Sat Nov 26 21:59:04.995495 2022] [:error] [pid 31607:tid 139976842884864] [client 33.123.248.25:0] Caused by KeyNotFoundException in Configuration.cpp:241: Handler "application/x-httpd-php74" not found, referer: https://mysite/test
[Sat Nov 26 21:59:04.995535 2022] [core:error] [pid 31607:tid 139976842884864] [client 33.123.248.25:0] End of script output before headers: yourls-loader.php, referer: https://mysite/test

I also have PHP 7.3, PHP 8.0 and PHP 8.1 installed and all three work if I use AddHandler application/x-httpd-php73 or 80 or 81 .php in .htaccess.

This issue seems to be specific to PHP 7.4.

Anyone else encounter this? How do I fix?

2
Updates / Snort rule blocking updates
« on: December 17, 2021, 04:04:19 PM »
Just want to share this...

I tried updating CWP Pro from within the admin panel and by command (sh /scripts/update_cwp --verbose). Both methods failed without any errors. The admin panel would remain covered by a modal with a spinner icon. The terminal window would display only the following:

Code: [Select]
[root@cwp ~]# sh /scripts/update_cwp --verbose

====================================================
============= CentOS Web Panel Cron ================
====================================================


###########################
Firewall Flush Daily Blocks
###########################


######################
Update Server Packages
######################

My CWP is behind a gateway device that utilizes Snort for IPS. I had to not only disable a particular rule but also reboot the gateway device. Simply reloading the Snort rules was not sufficient \_(ツ)_/

The rule: 21420 (https://www.snort.org/rule_docs/1-21420)

Log snippet:
Code: [Select]
2021:12:17-09:43:17 gateway snort[27335]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt" group="340" srcip="151.80.90.199" dstip="192.168.0.110" proto="6" srcport="80" dstport="46488" sid="21420" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"
2021:12:17-09:44:41 gateway snort[27335]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt" group="340" srcip="198.27.104.40" dstip="192.168.0.110" proto="6" srcport="80" dstport="49798" sid="21420" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"
2021:12:17-09:44:41 gateway snort[27335]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt" group="340" srcip="198.27.104.40" dstip="192.168.0.110" proto="6" srcport="80" dstport="49798" sid="21420" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"
2021:12:17-09:45:21 gateway snort[27335]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt" group="340" srcip="137.74.148.116" dstip="192.168.0.110" proto="6" srcport="80" dstport="52826" sid="21420" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"

Hope this may help others.

3
CentOS 7 Problems / .htaccess deny access not working
« on: February 09, 2021, 06:01:57 AM »
My CWP is set up with Nginx & Varnish & Apache.

I'm using a few different web apps that come with their own custom .htaccess files that do different things for different directories. One thing that was puzzling me is the fact that some .htaccess files were not denying access to some directories even though the files are properly coded. It took me a long time to figure out that the following block in the NGINX vhost config files is causing the issue:

Code: [Select]
location / {
location ~.*\.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|ttf|svg|eot|sh)$ {
root /home/<userAccount>/mysite.com;
expires max;
try_files $uri @backend;
}

error_page 405 = @backend;
error_page 500 = @custom;
add_header X-Cache "HIT from Backend";
add_header Strict-Transport-Security "max-age=31536000";
add_header X-Content-Type-Options nosniff;
proxy_pass http://192.168.1.5:8181;
include proxy.inc;
}

So even if I have a proper .htaccess file which denies access to a directory, users can still view/download (via web browser) any of the file types that are specified in the code snippet above.

So what is the proper way to fix this situation of the .htaccess files being essentially bypassed?

4
Updates / Update proof configurations
« on: July 15, 2020, 12:25:13 PM »
My CWP install is behind a gateway device so all logged IP's are 192.168.1.1. Because of a CWP bug (don't know if it was ever fixed), I am using Nginx & Varnish & Apache.

Before updating (which update I do not know), I had my CWP set up to log the client IP's. It was using mod_rpaf with x-forward but it seems an update has removed the mod_rpaf option from the control panel.

What is the proper way to setup client IP logging so that the custom config does not get blown away by a future update?

5
CentOS-WebPanel Bugs / Backup error since last update
« on: March 23, 2020, 12:56:01 PM »
Daily, I'm getting an email with the following data:

Email subject:
Code: [Select]
Cron <root@cwp> /usr/local/cwp/php71/bin/php-cgi -d max_execution_time=10000000 -q /usr/local/cwpsrv/htdocs/resources/admin/include/cron_newbackup.php
Body of the email:
Code: [Select]
PHP Warning:  SQLite3::exec(): database is locked in /usr/local/cwpsrv/htdocs/resources/admin/include/cron_newbackup.php on line 0
I haven't attempted to schedule any backup jobs because I backup the whole VM with Veeam. When I visit CWP Settings->NEW Backup (beta) tab and click on Log Monitor, I see the following:

Code: [Select]
Log Monitor

2020-03-23 00:15:01 Backup Initiated
2020-03-23 00:15:01 ["account1","account2","account3","account4"]
2020-03-23 00:15:01 Starting compression
2020-03-23 00:15:01
2020-03-23 00:15:04 UPDATE backups SET LASTEXEC = "2020-03-23 00:15:04", STRUN ="0" WHERE ID="1"

tail -f /var/log/cwp/cron_backup.log

So I guess there are two issues;
  • Why is a backup attempted when I never scheduled it?
  • What is causing it to error out?
Where do I begin troubleshooting this?

6
SSL / AutoSSL not working
« on: October 20, 2019, 01:35:25 AM »
I can't figure out how to set up my account/domain/subdomain on CWP. For example, let's assume my domain name is: mysite.com.

I want only www.mysite.com hosted on CWP, not mysite.com. mysite.com is on a different server, with a different public IP.

www.mysite.com is not an option to choose from when attempting to use AutoSSL; only "mysite.com" or "All Domains".

So how am I supposed to set this up? Also, my CWP is behind a gateway so I use NAT.

7
FTP / Uploaded files missing code
« on: September 19, 2018, 12:55:58 PM »
Has anyone encountered an issue where the files you upload are cut off?

If I use a standard user FTP account and upload a full website, web app or even large, single files, sometimes some of the files are missing code. It's as if you open a file in a text editor and delete the bottom 1/3 of the file.

I havn't encountered this issue if I use the root account and SFTP to upload the same files or directories.

What could be causing this issue?

8
CentOS Configuration / Add additional IP Addresses
« on: August 20, 2018, 09:43:50 PM »
I am behind a UTM appliance so I have NAT enabled. I would like some domains to have their own IP address. I have 192.168.1.10 specified for Default IP, Shared IP and NAT'ed IP.

I know how to add additional IP addresses to the server but how do I set up the config files for each domain?

I added IP address 192.168.1.11 to the server and selected it for a particular user account. I want to use this IP address for a specific domain. I am using Apache, NGINX Reverse Proxy and Varnish. Do I have to manually change the IP address in all three server's config files? What about the Varnish config files? Do I have to create/add an additional secret for the new IP? What code do I add/edit and to what Varnish config file(s)?

Also, when I use Apache Settings->Rebuild Virtual Hosts, it uses 192.168.1.10 for all domains even though I have 192.168.1.11 specified for one of the user accounts. The Rebuild Virtual Hosts tool isn't designed to pull/insert the IP address assigned to each user account???

9
Apache / Definitive answer: HTTP to HTTPS www
« on: August 10, 2018, 01:11:19 PM »
I have been struggling with this for days but can't get this to work in all situations.

What is the proper way (per domian) to direct all traffic to https://www.domain.tld/:

http://domain.tld-> https://www.domain.tld/
http://www.domain.tld-> https://www.domain.tld/
https://domain.tld-> https://www.domain.tld/

I am using Apache & Varnish Cache & Nginx Reverse Proxy and AutoSSL. I have tried rewrites and redirects in .htaccess and in vhosts configs but I have been unsuccessful.

I know you can edit the vhost templates and I also see that you can have per domain, custom config files but what is the proper code and way of doing this so the configurations are not lost when CWP rebuilds the vhosts?


Help... I'm starting to hemorrhage!

10
CentOS-WebPanel Bugs / Apache Builder (compiler) not working
« on: May 11, 2018, 12:20:23 PM »
I tried to update Apache to latest version. The latest version in the drop-down list is 2.4.33:


Once compiling completes, Apache cannot start because httpd.conf is virtually blank except for a couple of lines (forgot to record those).

If I manually restore a backup of httpd.conf, Apache will start but it still shows it's version 2.4.29:


Am I missing a step?

11
CentOS-WebPanel Bugs / Simple PHP.ini editor does not work
« on: May 11, 2018, 01:44:44 AM »
When I edit the text in any of the text boxes on this page and click the save button, the edits do not stick.

If I make edits on the PHP.ini Configuration page or edit the php.ini directly, the edits do stick and they show up on the Simple PHP.ini editor page.

12
Installation / How to use Clamd to scan uploaded files
« on: March 02, 2018, 04:04:51 PM »
I disabled the postfix service because email for all domians hosted on CWP is handled by another server.

However, I would like to use ClamAV to scan files that are uploaded via some Perl web apps. I enabled and started 'clamd-scan.service' and 'clamd@scan.service'.

The scripts are not working and when I test via command line (e.g., clamdscan /home/jeff/public_html/uploads/eicar_com.zip), I get the following error:

Code: [Select]
ERROR: Could not connect to clamd on 127.0.0.1: Connection refused

----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.011 sec (0 m 0 s)

I also tried enabling and starting 'amavisd.service' but I got the same error when testing.

Not sure what to look at next. Anyone have any ideas?

13
Installation / CGI not working CWP with Centos 7
« on: March 01, 2018, 03:34:45 PM »
I followed this (http://wiki.centos-webpanel.com/how-to-run-cgi-scripts-with-apache) and this (http://wiki.centos-webpanel.com/how-to-enable-mod_suexec-with-apache) but I still cannot get CGI working.

When I go to: https://mysite.com/cgi-bin/test.cgi, I get a 500 Internal Server Error.

I get this in the error log:
Code: [Select]
End of script output before headers: test.cgi

I get the following in the suexec log:
Code: [Select]
[2018-03-01 10:25:18]: uid: (1001/jeff) gid: (1001/jeff) cmd: test.cgi
[2018-03-01 10:25:18]: file has no execute permission: (/home/jeff/public_html/cgi-bin/test.cgi)

I used WinSCP to upload 'test.cgi' from a Windows PC to the server and I also used WinSCP to chmod 'test.cgi' to 0755. I also used CWP to fix permissions for the user account.

As per the wiki, I get "cgid_module (shared)" and "suexec_module (shared)" when testing to see if the modules are loaded.

Not sure what to do at this point.

I get the following when I check permissions via command line:
Code: [Select]
[root@cwp ~]# ls -la /home/jeff/public_html/cgi-bin/test.cgi
-rw-r--r-- 1 jeff jeff 98 Feb 28 17:49 /home/jeff/public_html/cgi-bin/test.cgi

14
Installation / vhost has wrong IP address?
« on: February 21, 2018, 02:26:42 AM »
I am adding additional IP addresses to CWP. Some accounts/domains will use the shared IP and others will have their own IP address.

When I create an account and choose one of the additional IP addresses, why does the vhost file, that is created for that domain, contain the shared IP address instead of the one I selected when I created that account/domain? Shouldn't the vhost file contain the IP address that I selected? Is this by design?

Also, if I edit the vhost file so that it contains the correct IP address, it reverts to the shared IP address if I rebuild all vhost files. Is this by design?

I just don't see the point in specifying which IP address is to be used when creating an account/domain if you have to go back and manually change it ???

15
Addons / eXtplorer not working
« on: February 19, 2018, 02:15:14 PM »
I get 500 internal server error when I try to access: http://mysite.com/filemanager/

I see the shortcut and the eXtplorer folders have been added to the home directory.

How to fix?

Pages: [1] 2