Hi Luca, Sorry for quick reply but we were able to replicate it just now:
# setup a brand new install of wp on a domain (don't have to go through the
'db' setup process, just configure wp-config.php to get to install.php redirect)
# install mod_ratelimit, and setup a vhost.conf with the ratelimit config for
the domain
# restart apache
# visit site, see you are getting the "redirect" content instead of actually
being redirected:
• curl -H'Host: cptestaddon.com' http://10.215.218.12/
• HTTP/1.1 302 Moved Temporarily
• Date: Thu, 19 Jul 2018 16:47:07 GMT
• Server: Apache
• X-Powered-By: PHP/5.6.36
• Expires: Wed, 11 Jan 1984 05:00:00 GMT
• Cache-Control: no-cache, must-revalidate, max-age=0
• Pragma: no-cache
• Location: http://cptestaddon.com/wp-admin/install.php
• Transfer-Encoding: chunked
• Content-Type: text/html; charset=UTF-8
• 0
It is any CGI app but WP was an easy target to replicate on.
If you confirm I will create a bug report for it, basically mod_ratelimit
causes CGI-style apps to emit plaintext.
Thanks,
Cory McIntire
Release Manager - EasyApache
cPanel, Inc.
> On Jul 19, 2018, at 10:32 AM, Luca Toscano <[email protected]> wrote:
>
> Hi Cory,
>
> 2018-07-19 16:10 GMT+02:00 Cory McIntire <[email protected]>:
> Hello all,
>
> We’re starting to see some issues where mod_ratelimit change here:
>
> *) mod_ratelimit: fix behavior when proxing content. PR 62362.
> [Luca Toscano, Yann Ylavic]
>
> Is causing some sites to load in plain text/source code…
>
> We haven’t found the connection beyond unloading mod_ratelimit which resolves
> the issue,
> and its not happening everywhere, just curious if anyone else is seeing this?
>
> I’ll report back once I have more info on further factors involved.
>
> Thanks a lot for reporting this. Can you add a bit more info about how to
> reproduce (httpd config I mean)? Anything relevant in the error logs?
>
> Luca
>
smime.p7s
Description: S/MIME cryptographic signature
