Re: Bug in mod_ratelimit?
Sorry for quick reply but we were able to replicate it just now:
# setup a brand new install of wp on a domain (don't have to go through the 'db' setup process, just configure wp-config.php to get to install.php redirect)
# install mod_ratelimit, and setup a vhost.conf with the ratelimit config for the domain
# restart apache
# visit site, see you are getting the "redirect" content instead of actually being redirected:
• curl -H'Host: cptestaddon.com' http://10.215.218.12/
• HTTP/1.1 302 Moved Temporarily
• Date: Thu, 19 Jul 2018 16:47:07 GMT
• Server: Apache
• X-Powered-By: PHP/5.6.36
• Expires: Wed, 11 Jan 1984 05:00:00 GMT
• Cache-Control: no-cache, must-revalidate, max-age=0
• Pragma: no-cache
• Location: http://cptestaddon.com/wp-admin/install.php
• Transfer-Encoding: chunked
• Content-Type: text/html; charset=UTF-8
It is any CGI app but WP was an easy target to replicate on.
If you confirm I will create a bug report for it, basically mod_ratelimit causes CGI-style apps to emit plaintext.
Release Manager - EasyApache
> On Jul 19, 2018, at 10:32 AM, Luca Toscano <toscano.luca@xxxxxxxxx> wrote:
> Hi Cory,
> 2018-07-19 16:10 GMT+02:00 Cory McIntire <cory@xxxxxxxxxx>:
> Hello all,
> We’re starting to see some issues where mod_ratelimit change here:
> *) mod_ratelimit: fix behavior when proxing content. PR 62362.
> [Luca Toscano, Yann Ylavic]
> Is causing some sites to load in plain text/source code…
> We haven’t found the connection beyond unloading mod_ratelimit which resolves the issue,
> and its not happening everywhere, just curious if anyone else is seeing this?
> I’ll report back once I have more info on further factors involved.
> Thanks a lot for reporting this. Can you add a bit more info about how to reproduce (httpd config I mean)? Anything relevant in the error logs?
Description: S/MIME cryptographic signature