Hi Luca, Sorry for quick reply but we were able to replicate it just now:
# setup a brand new install of wp on a domain (don't have to go through the 'db' setup process, just configure wp-config.php to get to install.php redirect) # install mod_ratelimit, and setup a vhost.conf with the ratelimit config for the domain # restart apache # visit site, see you are getting the "redirect" content instead of actually being redirected: • curl -H'Host: cptestaddon.com' http://10.215.218.12/ • HTTP/1.1 302 Moved Temporarily • Date: Thu, 19 Jul 2018 16:47:07 GMT • Server: Apache • X-Powered-By: PHP/5.6.36 • Expires: Wed, 11 Jan 1984 05:00:00 GMT • Cache-Control: no-cache, must-revalidate, max-age=0 • Pragma: no-cache • Location: http://cptestaddon.com/wp-admin/install.php • Transfer-Encoding: chunked • Content-Type: text/html; charset=UTF-8 • 0 It is any CGI app but WP was an easy target to replicate on. If you confirm I will create a bug report for it, basically mod_ratelimit causes CGI-style apps to emit plaintext. Thanks, Cory McIntire Release Manager - EasyApache cPanel, Inc. > On Jul 19, 2018, at 10:32 AM, Luca Toscano <toscano.l...@gmail.com> wrote: > > Hi Cory, > > 2018-07-19 16:10 GMT+02:00 Cory McIntire <c...@cpanel.net>: > Hello all, > > We’re starting to see some issues where mod_ratelimit change here: > > *) mod_ratelimit: fix behavior when proxing content. PR 62362. > [Luca Toscano, Yann Ylavic] > > Is causing some sites to load in plain text/source code… > > We haven’t found the connection beyond unloading mod_ratelimit which resolves > the issue, > and its not happening everywhere, just curious if anyone else is seeing this? > > I’ll report back once I have more info on further factors involved. > > Thanks a lot for reporting this. Can you add a bit more info about how to > reproduce (httpd config I mean)? Anything relevant in the error logs? > > Luca >
smime.p7s
Description: S/MIME cryptographic signature