Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
1
PHP / Re: Install PHP 8.X - PHP Version Switcher
« on: November 28, 2022, 01:47:08 PM »
PHP 7.4 is EOL tomorrow.
Even though PHP 8.1 is a selectable option in CWP's PHP Switcher, it still fails to "switch" from PHP 7.4 to PHP 8.1. The process runs and shows it completed but PHP 7.4 remains.
Is this still the only method of "switching" to PHP 8.1?
UPDATE: After running PHP Switcher a second time, it did update to PHP 8.1. Not sure why it did not complete on the first go around. Didn't see any errors in the rebuild log. So it would seem that the workaround linked above is no longer necessary; just use the CWP Admin->PHP Settings->PHP Version Switcher
Is this still the only method of "switching" to PHP 8.1?
UPDATE: After running PHP Switcher a second time, it did update to PHP 8.1. Not sure why it did not complete on the first go around. Didn't see any errors in the rebuild log. So it would seem that the workaround linked above is no longer necessary; just use the CWP Admin->PHP Settings->PHP Version Switcher
2
PHP / Re: PHP 7.4 - 500 server error
« on: November 27, 2022, 09:05:57 PM »
@Starburst
Thanks for the suggestions but this is not a permissions issue. I can build and use PHP 7.3, 8.0 and 8.1 using the PHP Selector in the CWP admin. When I build PHP 7.4 in the PHP Selector, it builds it but I get 500 server errors.
With that said, I did try your suggestions but they made no difference.
As another test, I updated the root PHP from 7.3 to 7.4 using the PHP Switcher in the CWP Control Panel. Now I have a working version of PHP 7.4 but PHP 7.4 in the PHP Selector still does not work. I still get 500 server errors when I add AddHandler application/x-httpd-php74 .php to any .htaccess file, on any domain. So it does seem to be something specific to PHP Selector.
Thanks for the suggestions but this is not a permissions issue. I can build and use PHP 7.3, 8.0 and 8.1 using the PHP Selector in the CWP admin. When I build PHP 7.4 in the PHP Selector, it builds it but I get 500 server errors.
With that said, I did try your suggestions but they made no difference.
As another test, I updated the root PHP from 7.3 to 7.4 using the PHP Switcher in the CWP Control Panel. Now I have a working version of PHP 7.4 but PHP 7.4 in the PHP Selector still does not work. I still get 500 server errors when I add AddHandler application/x-httpd-php74 .php to any .htaccess file, on any domain. So it does seem to be something specific to PHP Selector.
3
PHP / Re: PHP 7.4 - 500 server error
« on: November 27, 2022, 12:21:39 PM »Code: [Select]
[root@cwp ~]# tail -f /var/log/php-selector-rebuild.log
Don't forget to run 'make test'.
Installing shared extensions: /opt/alt/php74/usr/lib/php/extensions/no-debug-non-zts-20190902/
Creating config file
Build Completed
###################
Error:Can't add notification!
Full log:
https://pastebin.pl/view/raw/cd53102c
4
PHP / PHP 7.4 - 500 server error
« on: November 27, 2022, 04:45:29 AM »
I have rebuilt PHP, twice, via PHP Selector but I cannot use PHP 7.4.x. If I add the following to .htaccess, I get 500 server error:
I get the following in the Apache error log:
I also have PHP 7.3, PHP 8.0 and PHP 8.1 installed and all three work if I use AddHandler application/x-httpd-php73 or 80 or 81 .php in .htaccess.
This issue seems to be specific to PHP 7.4.
Anyone else encounter this? How do I fix?
Code: [Select]
AddHandler application/x-httpd-php74 .phpI get the following in the Apache error log:
Code: [Select]
[Sat Nov 26 21:59:04.995013 2022] [:error] [pid 31607:tid 139976842884864] [client 33.123.248.25:0] SecurityException in Application.cpp:498: Handler not found in configuration, referer: https://mysite/test
[Sat Nov 26 21:59:04.995495 2022] [:error] [pid 31607:tid 139976842884864] [client 33.123.248.25:0] Caused by KeyNotFoundException in Configuration.cpp:241: Handler "application/x-httpd-php74" not found, referer: https://mysite/test
[Sat Nov 26 21:59:04.995535 2022] [core:error] [pid 31607:tid 139976842884864] [client 33.123.248.25:0] End of script output before headers: yourls-loader.php, referer: https://mysite/testI also have PHP 7.3, PHP 8.0 and PHP 8.1 installed and all three work if I use AddHandler application/x-httpd-php73 or 80 or 81 .php in .htaccess.
This issue seems to be specific to PHP 7.4.
Anyone else encounter this? How do I fix?
5
Updates / Re: Snort rule blocking updates
« on: December 23, 2021, 01:08:19 PM »You did not add any error in your post actually.
From the log snippet I posted...
Code: [Select]
action="drop"The Snort rule causes the connection to the CWP update server to drop.
6
Updates / Snort rule blocking updates
« on: December 17, 2021, 04:04:19 PM »
Just want to share this...
I tried updating CWP Pro from within the admin panel and by command (sh /scripts/update_cwp --verbose). Both methods failed without any errors. The admin panel would remain covered by a modal with a spinner icon. The terminal window would display only the following:
My CWP is behind a gateway device that utilizes Snort for IPS. I had to not only disable a particular rule but also reboot the gateway device. Simply reloading the Snort rules was not sufficient ¯\_(ツ)_/¯
The rule: 21420 (https://www.snort.org/rule_docs/1-21420)
Log snippet:
Hope this may help others.
I tried updating CWP Pro from within the admin panel and by command (sh /scripts/update_cwp --verbose). Both methods failed without any errors. The admin panel would remain covered by a modal with a spinner icon. The terminal window would display only the following:
Code: [Select]
[root@cwp ~]# sh /scripts/update_cwp --verbose
====================================================
============= CentOS Web Panel Cron ================
====================================================
###########################
Firewall Flush Daily Blocks
###########################
######################
Update Server Packages
######################
My CWP is behind a gateway device that utilizes Snort for IPS. I had to not only disable a particular rule but also reboot the gateway device. Simply reloading the Snort rules was not sufficient ¯\_(ツ)_/¯
The rule: 21420 (https://www.snort.org/rule_docs/1-21420)
Log snippet:
Code: [Select]
2021:12:17-09:43:17 gateway snort[27335]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt" group="340" srcip="151.80.90.199" dstip="192.168.0.110" proto="6" srcport="80" dstport="46488" sid="21420" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"
2021:12:17-09:44:41 gateway snort[27335]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt" group="340" srcip="198.27.104.40" dstip="192.168.0.110" proto="6" srcport="80" dstport="49798" sid="21420" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"
2021:12:17-09:44:41 gateway snort[27335]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt" group="340" srcip="198.27.104.40" dstip="192.168.0.110" proto="6" srcport="80" dstport="49798" sid="21420" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"
2021:12:17-09:45:21 gateway snort[27335]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt" group="340" srcip="137.74.148.116" dstip="192.168.0.110" proto="6" srcport="80" dstport="52826" sid="21420" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"
Hope this may help others.
7
CentOS 7 Problems / Re: .htaccess deny access not working
« on: February 10, 2021, 01:34:37 PM »
After lots of testing, this seems to work but I would like to know if this is the most efficient solution:
Should I add/remove anything (other than the comments) to the new rule?
All that I'm trying to do is bypass that nginx static files rule for specific directories that rely on .htacces files.
Code: [Select]
location / {
#### MY NEW RULE ###
location ~ /(my_files/uploads/files|dir1|dir2) {
#deny all;
#return 404;
proxy_pass http://192.168.1.5:8181;
include proxy.inc;
}
#### MY NEW RULE ###
location ~.*\.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|ttf|svg|eot|sh)$ {
root /home/<userAccount>/<site.tld>;
expires max;
try_files $uri @backend;
}
error_page 405 = @backend;
error_page 500 = @custom;
add_header X-Cache "HIT from Backend";
add_header Strict-Transport-Security "max-age=31536000";
add_header X-Content-Type-Options nosniff;
proxy_pass http://192.168.1.5:8181;
include proxy.inc;
}Should I add/remove anything (other than the comments) to the new rule?
All that I'm trying to do is bypass that nginx static files rule for specific directories that rely on .htacces files.
8
CentOS 7 Problems / Re: .htaccess deny access not working
« on: February 09, 2021, 12:48:43 PM »...convert Apache .htaccess rules to nginx syntax.Since that nginx rule applies to the root of the website, can a block of code be simply added to the nginx vhost conf file that will exempt specified directories from that rule so .htaccess files can be used to forbid access to those specific directories? If so, can you please provide a code sample and where it should be placed in the nginx conf file. In other words, I want to keep that rule as the default for the website but exempt specific directories from it.
9
CentOS 7 Problems / .htaccess deny access not working
« on: February 09, 2021, 06:01:57 AM »
My CWP is set up with Nginx & Varnish & Apache.
I'm using a few different web apps that come with their own custom .htaccess files that do different things for different directories. One thing that was puzzling me is the fact that some .htaccess files were not denying access to some directories even though the files are properly coded. It took me a long time to figure out that the following block in the NGINX vhost config files is causing the issue:
So even if I have a proper .htaccess file which denies access to a directory, users can still view/download (via web browser) any of the file types that are specified in the code snippet above.
So what is the proper way to fix this situation of the .htaccess files being essentially bypassed?
I'm using a few different web apps that come with their own custom .htaccess files that do different things for different directories. One thing that was puzzling me is the fact that some .htaccess files were not denying access to some directories even though the files are properly coded. It took me a long time to figure out that the following block in the NGINX vhost config files is causing the issue:
Code: [Select]
location / {
location ~.*\.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|ttf|svg|eot|sh)$ {
root /home/<userAccount>/mysite.com;
expires max;
try_files $uri @backend;
}
error_page 405 = @backend;
error_page 500 = @custom;
add_header X-Cache "HIT from Backend";
add_header Strict-Transport-Security "max-age=31536000";
add_header X-Content-Type-Options nosniff;
proxy_pass http://192.168.1.5:8181;
include proxy.inc;
}
So even if I have a proper .htaccess file which denies access to a directory, users can still view/download (via web browser) any of the file types that are specified in the code snippet above.
So what is the proper way to fix this situation of the .htaccess files being essentially bypassed?
10
CentOS-WebPanel Bugs / Re: BUG: Nginx Vhosts created with shared IP when set to other IPs
« on: July 17, 2020, 04:55:45 PM »Quote
And today I've realized that if you do any changes that trigger the .conf files be rebuilt, you must manually edit each of the domains conf files again. Ugh! Now that is a pain.I reported this bug two years ago
What's the point of being able to specify specific IP's for each user/domain if that info is not being used when CWP rebuilds the vhosts?
Come on Devs... Please fix this.
If anyone reading this post has a support contract with CWP, please open a ticket for this.
11
Updates / Re: Update proof configurations
« on: July 16, 2020, 01:38:19 PM »
OK... The cloud has lifted. I now understand the changes to the way templates and configs are handled in CWP.
In order to edit the main server config, you simply create a new config file and add your edits to it. That file will be included, automatically.
I did encounter a small bug. I get the following error when creating a new config file in CWP->WebServer Settings->WebServers Conf Editor->Apache->conf.d
In order to edit the main server config, you simply create a new config file and add your edits to it. That file will be included, automatically.
I did encounter a small bug. I get the following error when creating a new config file in CWP->WebServer Settings->WebServers Conf Editor->Apache->conf.d
Code: [Select]
Notice: Undefined variable: file_size in /usr/local/cwpsrv/htdocs/resources/admin/modules/file_editor.php on line 0Although the file was successfully created.
12
Updates / Re: Update proof configurations
« on: July 16, 2020, 10:54:37 AM »
I understand that CWP now has a vhost template editor/switcher but I don't see that same type of functionality being offered for server config files such as Apache's 'httpd.conf' file.
So, for example, if I want to enable an Apache module (that is not enabled by default) such as 'mod_remoteip.so', do I have to manually edit the 'httpd.conf' file every time I rebuild Apache or is there a better way?
So, for example, if I want to enable an Apache module (that is not enabled by default) such as 'mod_remoteip.so', do I have to manually edit the 'httpd.conf' file every time I rebuild Apache or is there a better way?
13
Updates / Update proof configurations
« on: July 15, 2020, 12:25:13 PM »
My CWP install is behind a gateway device so all logged IP's are 192.168.1.1. Because of a CWP bug (don't know if it was ever fixed), I am using Nginx & Varnish & Apache.
Before updating (which update I do not know), I had my CWP set up to log the client IP's. It was using mod_rpaf with x-forward but it seems an update has removed the mod_rpaf option from the control panel.
What is the proper way to setup client IP logging so that the custom config does not get blown away by a future update?
Before updating (which update I do not know), I had my CWP set up to log the client IP's. It was using mod_rpaf with x-forward but it seems an update has removed the mod_rpaf option from the control panel.
What is the proper way to setup client IP logging so that the custom config does not get blown away by a future update?
14
Other / Re: CWPPRO
« on: June 20, 2020, 10:48:40 PM »
Mine keeps periodically reverting from CWPPro to free. This is very frustrating.
Running
Anyone have any suggestions? Is there a static IP address or a specific port that I need to whitelist that handles license verification?
Running
Code: [Select]
sh /scripts/update_cwpandCode: [Select]
sh /usr/local/cwpsrv/htdocs/resources/scripts/update_cwpDo not help.Anyone have any suggestions? Is there a static IP address or a specific port that I need to whitelist that handles license verification?
15
CentOS-WebPanel Bugs / Re: Backup error since last update
« on: March 24, 2020, 12:17:40 PM »
I never created a scheduled backup so it shouldn't even attempt a backup.
Does anyone know how to disable?
UPDATE: I deleted the cron job. That should stop it, right?
Does anyone know how to disable?
UPDATE: I deleted the cron job. That should stop it, right?
