Hi again Cory, 2018-07-19 19:02 GMT+02:00 Cory McIntire <[email protected]>:
> Hi Luca, > > Sorry for quick reply but we were able to replicate it just now: > > # setup a brand new install of wp on a domain (don't have to go through > the 'db' setup process, just configure wp-config.php to get to install.php > redirect) > # install mod_ratelimit, and setup a vhost.conf with the ratelimit config > for the domain > # restart apache > # visit site, see you are getting the "redirect" content instead of > actually being redirected: > > • curl -H'Host: cptestaddon.com' http://10.215.218.12/ > • HTTP/1.1 302 Moved Temporarily > • Date: Thu, 19 Jul 2018 16:47:07 GMT > • Server: Apache > • X-Powered-By: PHP/5.6.36 > • Expires: Wed, 11 Jan 1984 05:00:00 GMT > • Cache-Control: no-cache, must-revalidate, max-age=0 > • Pragma: no-cache > • Location: http://cptestaddon.com/wp-admin/install.php > • Transfer-Encoding: chunked > • Content-Type: text/html; charset=UTF-8 > • 0 > > It is any CGI app but WP was an easy target to replicate on. > > I can see the same thing with a simple php script that says "this is a test" on my testing environment: vagrant@stretch:~$ curl -k https://localhost/test.php HTTP/1.1 200 OK Date: Thu, 19 Jul 2018 18:15:09 GMT Server: Apache/2.4.34-dev (Unix) OpenSSL/1.1.0f Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 this is a test! 0 (Note the zero at the end) So this is a bug introduced by the latest patch for sure, but I still have no idea where it comes from. I apologize for this issue, I was convinced that the new code was tested but apparently I missed the most basic use cases. Yann, any idea? Luca
