[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bug in mod_ratelimit?

Hi Luca,

Sorry for quick reply but we were able to replicate it just now:

# setup a brand new install of wp on a domain (don't have to go through the 'db' setup process, just configure wp-config.php to get to install.php redirect)
# install mod_ratelimit, and setup a vhost.conf with the ratelimit config for the domain
# restart apache
# visit site, see you are getting the "redirect" content instead of actually being redirected:

	•  curl -H'Host: cptestaddon.com'
	• HTTP/1.1 302 Moved Temporarily
	• Date: Thu, 19 Jul 2018 16:47:07 GMT
	• Server: Apache
	• X-Powered-By: PHP/5.6.36
	• Expires: Wed, 11 Jan 1984 05:00:00 GMT
	• Cache-Control: no-cache, must-revalidate, max-age=0
	• Pragma: no-cache
	• Location: http://cptestaddon.com/wp-admin/install.php
	• Transfer-Encoding: chunked
	• Content-Type: text/html; charset=UTF-8
	• 0

It is any CGI app but WP was an easy target to replicate on. 

If you confirm I will create a bug report for it, basically mod_ratelimit causes CGI-style apps to emit plaintext. 

Cory McIntire
Release Manager - EasyApache 
cPanel, Inc.

> On Jul 19, 2018, at 10:32 AM, Luca Toscano <toscano.luca@xxxxxxxxx> wrote:
> Hi Cory,
> 2018-07-19 16:10 GMT+02:00 Cory McIntire <cory@xxxxxxxxxx>:
> Hello all,
> We’re starting to see some issues where mod_ratelimit change here:
>   *) mod_ratelimit: fix behavior when proxing content. PR 62362.
>      [Luca Toscano, Yann Ylavic]
> Is causing some sites to load in plain text/source code…
> We haven’t found the connection beyond unloading mod_ratelimit which resolves the issue,
>  and its not happening everywhere, just curious if anyone else is seeing this?
> I’ll report back once I have more info on further factors involved. 
> Thanks a lot for reporting this. Can you add a bit more info about how to reproduce (httpd config I mean)? Anything relevant in the error logs?
> Luca 

Attachment: smime.p7s
Description: S/MIME cryptographic signature