Angular 6 project with PHP back-end is given (on a classic Apache server).
Everything works very well from localhost and production server as well. But once my friend tried to login from his university (he was behind a proxy there), it didn't work.
We can see the followings in the OPTIONS request response headers:
Connection: close
Content-Type: text/html
Transfer-encoding: chunked
Via: 1.0 firewall.uninamehere.com:3128 (squid)
X-Cache: MISS from firewall.uninamehere.com
X-Cache-Lookup: MISS from firewall.uninamehere.com:3128
That's all.
After OPTIONS a login POST request should start. But it doesn't...
He said that the proxy is shhh for a while, and sometimes WIFI also does not work.
The questions are:
Is the problem on our side?
Can we do anything with it?
Related
Starting in early September (maybe) our customers (thousands across the US) started experiencing "random" 5 character alpha paths being appended to their URL requests with 302 responses intermittently when requesting the root of their domains. We have been exploring all possibilities, including malware, updates to hardware and software, and have not been able to find the cause.
Has anyone else experienced this issue, and found the cause?
Happy to provide more details of the environments as needed. Some details may have to be provided via PM.
Sample Paths
domain.com/OUZPZ/
domain2.com/LVQgZ/
domain2.com/UpTZZ/
domain2.com/WNZOR/
domain3.com/UncLZ/
domain4.com/SVpjZ/
domain4.com/WOVRZ/
domain5.com/NcmUZ/
Curl Path
curl -IL domain.com
HTTP/1.1 302 Found
Connection: close
Pragma: no-cache
cache-control: no-cache
Location: /WQiNZ/
HTTP/1.1 302 Found
Connection: close
Pragma: no-cache
cache-control: no-cache
Location: /ToNLZ/WQiNZ/
HTTP/1.1 302 Found
Connection: close
Pragma: no-cache
cache-control: no-cache
Location: /WQiNZ/
General Notes
We only see this happen in person on sites with SSL enabled.
Wordpress multisite installs.
GoDaddy customers are experiencing this issue with their forwarding
service as well (see links below).
We only use GoDaddy as the domain registrar, and use an internal DNS name server system based on AWS route53.
When we audit our server logs, we see many more URL paths of this
type. They stretch all the way back to April of this year (2017), but most
of them have a google bot user agent
Regex for search: /\/[a-zA-Z]{5}\//
Both our company security team, hosting provider, and Sucuri have
audited the environments and have not found any malware.
Plugins audited for functionality and nothing found.
Using Let's Encrypt SSL certs.
Google and hosting provider say it does not have to do with DDoS
protection in their environments (see reddit thread below).
The only commonality so far between Godady and our environments are linux
boxes.
Articles/Threads Related to Subject
https://www.godaddy.com/community/Managing-Domains/My-domain-name-not-resolving-correctly-6-random-characters-are/td-p/60782
https://www.reddit.com/r/webhosting/comments/18v950/302_redirect_to_random_5_character_subdirectories/
http://mailman.nginx.org/pipermail/nginx/2015-December/049486.html
https://www.drupal.org/node/848972
Junk characters in URL when domain forwarding
http://gold-thiolate.com/2013/godaddy-random-302-redirect/
I have come across this header for the first time and not sure what it does or mean. I have searched around and couldn't find what I was looking for.
I am trying to consume a SOAP API using PHP SoapClient class and it's returning an empty response and these response headers. Also, no exception is thrown.
HTTP/1.1 200 OK
X-Backside-Transport: FAIL FAIL,FAIL FAIL
Connection: close
Transfer-Encoding: chunked
Content-Type: text/xml
Date: Tue, 21 Jun 2016 20:09:50 GMT
X-Client-IP: xx.xxx.xxx.xxx
Any help is appreciated.
It seems that the web service you're trying to communicate is behind the xml firewall (probably IBM DataPower, it does send X-Backside-Transport header on failere) and blocks the error response (aka. fault message). This is the default behaviour for the xml firewalls. Root cause can be malformed soap message (i.e.: wrong data type) or an server site exception.
In order to solve the problem, you should contact with the web service owner.
I've seen this in the past when communicating with IBM Backends, in my experience it has also been joined with a HTTP 401 Unauthorised.
The reason for the error on my side was because of duplicate headers (e.g. sending the same head twice...)
Hope this helps.
I'm experiencing a strange issue on a WooCommerce installation my company has taken over. It's not us who built it and unfortunately it's pretty crappy built so I'm not so sure what's actually going on in there.
It suddenly started to "force" https connections, but as far as I know nothing has changed in nether the code nor from the admin. We are running Git on the server and nothing has changed in the working tree, and I searched the uploads folder for suspicious files with no results. It's very unlikely some kind of malware. The site is not set up with https/ssl so this does of course trigger a timeout.
I checked the database and both home_url and site_url are set to "http://...". The WooCommerce option "force ssl" is set to false. Also we are running the plugin "Better WP Security/iThemes Security" which also offers a "force ssl"-option but that one is set to false too.
I tried setting both the constants FORCE_SSL_ADMIN and FORCE_SSL_LOGIN to false in wp-config.php - still no luck. Also I tried using .htaccess rewrite rules but that didn't help either.
It seems to be connected with a request header; HTTPS: 1 (tested with $ curl -I -H"HTTPS: 1" http://...). When that one is set to 0 this does not happen. However Chrome seems to send it by default, which is not the case for other browsers. I tried clearing cookies/data etc. Problem appears in my colleague's browser as well (and she has never visited the site before). Hosting company says this is not related to server configuration.
Has anyone experienced this before, or know to what it could be related to?
Update:
Running curl -I -H"HTTPS: 1" http://www.example.com/wp-admin/ pretty much confirms this has something to do with Wordpress. The cookies are set by WPML which indicates Wordpress is initialized. Check the Location: header:
HTTP/1.1 302 Moved Temporarily
Server: Apache
X-Powered-By: PHP/5.6.11
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: _icl_current_admin_language=sv; expires=Wed, 22-Jul-2015 16:06:25 GMT; Max-Age=7200; path=/wp-admin/
Set-Cookie: _icl_current_language=sv; expires=Thu, 23-Jul-2015 14:06:25 GMT; Max-Age=86400; path=/
Set-Cookie: PHPSESSID=xxx; path=/
Location: https://www.example.com/wp-login.php?redirect_to=https%3A%2F%2Fwww.example.com%2Fwp-admin%2F&reauth=1
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Wed, 22 Jul 2015 14:06:26 GMT
X-Varnish: nnn
Age: 0
Via: 1.1 varnish
Connection: keep-alive
http://develop.woothemes.com/woocommerce/2015/07/woocommerce-2-3-13-security-and-maintenance-release/
Updating Woocommerce to 2.3.13 fixed it for me
#Zertuk's solution is correct: upgrading to the latest WooCommerce should fix the issue because of the change that #Zertuk has linked.
To give more detail: Chrome has implemented the Upgrade Insecure Requests specification from the World Wide Web Consortium (W3C). Section 3.2.1 of that specification is The HTTPS HTTP Request Header Field which states
3.2.1. The HTTPS HTTP Request Header Field
The HTTPS HTTP request header field sends a signal to the server
expressing the client’s preference for an encrypted and authenticated
response, and that it can successfully handle the
upgrade-insecure-requests directive in order to make that preference
as seamless as possible to provide.
This preference is represented by the following ANBF:
"HTTPS:" *WSP "1" *WSP
WooCommerce's is_ssl() function before version 2.3.13 was incorrectly rewriting all the URLs in the response if the HTTPS: 1 header was set.
Upgrading to the latest version of WooCommerce (currently 2.3.13) fixes the bug.
I fixed this issue by turning off the Force SSL setting within WooCommerce Settings, and then explicitly setting these 3 WooCommerce pages to use SSL via the checkbox provided as part of this plugin (on the Edit Page screen).
The pages that needing SSL according to WooCommerce are:
1. Checkout
2. Checkout -> Pay
3. My Account
and also try,
<?php
if (is_ssl()) {
//action to take for page using SSL
}
?>
Returns true if the page is using SSL (checks if HTTPS or on Port 443).
Kirby is right.
I did a quick fix modifying the Wordpress core function is_ssl().
I return false at the beginning of the function because some of my websites do not have SSL.
It's not recommended modify the core of Wordpress because of the updates, but I can control that.
I have used http://www.webpagetest.org tool to check a web page, this indicates that keep-alive is not activated. I researched this and was led to How can I enable keep-alive? and Changing PHP $_SERVER['HTTP_CONNECTION'] value
Following from this I tried <ifModule mod_headers.c> Header set Connection keep-alive </ifModule> in the .htaccess file. The http://www.webpagetest.org tool still indicated keep-alive is not activated.
I contacted the hosting company and they stated that Keep-Alive is enabled.
I made a bare bones html test file (call this test.html) that sought to load two images, one from the server that did not keep-alive (call this notalive) and the other from a server (call this alive) that the http://www.webpagetest.org tool indicated is keeping alive.
Results:
when checking test.html hosted on server notalive with the webpagetest tool the image on server notalive indicates that keep-alive is not activated, however for the image on server alive the tool indicates that it is keep-alive.
I then swopped the test.html over to server alive and the webpage tool indicated exactly as per the test above that is for the image on notalive server the tool says keep-alive is not activated and for the the image on server alive the tool says keep-alive is activated.
This led me to believe that since the html files are identical that my issue might be due to configuration of the server notalive.
I ran phpinfo() from both servers and retained lines that seemed to do with alive (based on the above stackoverflow postings) and have reproduced those lines below.
For the notalive server:
PHP Version 5.3.29
Configuration: apache2handler: Max Requests Per Child: 500 - Keep Alive: on - Max Per Connection: 100
Configuration: apache2handler:Timeouts Connection: 300 - Keep-Alive: 1
Apache Environment: HTTP_CONNECTION close
HTTP Headers Information: HTTP Request Headers: connection close
Connection keep-alive
PHP Variables: _SERVER["HTTP_CONNECTION"] close
For the alive server:
PHP Version 5.2.12
apache: Max Requests Per Child: 1000 - Keep Alive: on - Max Per Connection: 500
Timeouts Connection: 300 - Keep-Alive: 5
Apache Environment: HTTP_CONNECTION keep-alive
HTTP Headers Information: HTTP Request Headers: Connection keep-alive
HTTP Headers Information: HTTP Response Headers:
Keep-Alive timeout=5, max=500
Connection Keep-Alive
PHP Variables: _SERVER["HTTP_CONNECTION"] keep-alive
I would be most obliged if someone would look at the above and perhaps offer some guidance on how to activate keep-alive.
Thank you for taking the time to read this.
Sorted or at least a workaround.
Based on my test results the hosting company have concluded that the issue is due to their use of Apache web server and Varnish Cache.
They have moved the site over to Litespeed Server and the connections are now kept alive.
Thanks Blowski for the assistance.
I am having some problems trying to get a post request to work from a payment provider (WorldPay) to my host server. Basically WorldPay does a callback to a script on my website if/when a transaction is successful. Problem is the post request isn’t getting to my script – we just get a 408 timeout.
This is the request sent from WorldPay below:
POST /index.php?route=payment/worldpay/callback HTTP/1.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: www.mysite.com
Content-Length: 711
User-Agent: WJHRO/1.0 (WorldPay Java HTTP Request Object)
authAmountString=%26%23163%3B3.49&_SP.charEnc=UTF-8&desc=testItem&authMode=A
And this is the response sent back from my hosts server:
HTTP/1.1 408 Request Timeout
Connection: Close
Pragma: no-cache
cache-control: no-cache
Content-Type: text/html; charset=iso-8859-1
I know this is a long shot but can anyone see anything wrong with anything above? To simplify things i replaced the php script with a basic html output which returned a hello world message and we still got a 408 so i’m pretty sure the script works. We have also had this error once or twice:
failed CAUSED BY invalid HTTP status line: >null<
Any help is greatly appreciated
Cheers
Paul
If the HTTP request you gave above is accurate, it seems as if the client is advertising a content length of 711 bytes, but the entity body does not seem to be 711 bytes long. That is why the server is timing out waiting for the rest of the data.
HTTP/1.1 408 Request Timeout,
pay attention to server config, if your host server is nginx, you can check "client_body_timeout" in nginx.conf