The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Apache 2.4.17 (via EasyApache 3.32.3) breaks URL rewrites

Discussion in 'EasyApache' started by Trane Francks, Oct 17, 2015.

  1. Trane Francks

    Trane Francks Well-Known Member

    Joined:
    Jun 19, 2012
    Messages:
    56
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Machida, Tokyo, Japan
    cPanel Access Level:
    Root Administrator
  2. Nirjonadda

    Nirjonadda Well-Known Member

    Joined:
    May 8, 2013
    Messages:
    151
    Likes Received:
    2
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    Tody i Updated Apache 2.4.16 to 2.4.17 then my forum home page are not loading, just say it page not found.

    Not working: nirmoladda.com

    Working: nirmoladda.com/forum.php
     
  3. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,126
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    I recently updated one of our cPanel servers to update Apache from 2.4.16 to 2.4.17. After this, a customer using the Concrete5 CMS noticed that their .htaccess rewrite URLs (Pretty URLs as Concrete5 calls them) were not working.

    I found this thread on the Concrete5 Forums and found that my customer was not alone with this problem.

    Further, the thread points to a bugfix regarding REDIRECT_URL which was backported to 2.4.17:
    Bug 57785 – REDIRECT_URL is not suitable for use in server-generated pages

    In that bug report, this comment raised my eyebrows!

    At this point, I have a ticket opened with cPanel to see if there is a way to downgrade Apache to 2.4.16, until this mess can be sorted out.

    In addition, I will not attempt to upgrade any other cPanel server with 2.4.17, until more is know about the effects of this backported patch.

    - Scott
     
    #3 sneader, Oct 19, 2015
    Last edited: Oct 19, 2015
    mtindor likes this.
  4. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,281
    Likes Received:
    37
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    Wow. What a nightmare. Thanks for the warning Scott. That's a big issue considering I don't know of any easy way of reverting back to 2.4.16.

    Mike
     
  5. cPRex

    cPRex Member
    Staff Member

    Joined:
    Oct 19, 2014
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hey Scott,

    Thanks for opening up that ticket with us and bringing this to our attention. You are correct that there currently is not a way to downgrade minor versions of EasyApache as the only current versions available are 2.2.31 and 2.4.17. We also confirmed on your system that changing cgi.fix_pathinfo=1 to cgi.fix_pathinfo=0 in the global php.ini file and restarting the Apache service did not resolve this problem.

    I've opened case CPANEL-2058 with our developers and while I don't have an estimated time of when that will be resolved you can always check our changelogs at 11.52 Change Log - Documentation - cPanel Documentation for more details.

    ~Rex
     
  6. Trane Francks

    Trane Francks Well-Known Member

    Joined:
    Jun 19, 2012
    Messages:
    56
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Machida, Tokyo, Japan
    cPanel Access Level:
    Root Administrator
    This problem and the mod_autoindex fiasco that breaks Phusion Passenger support for Rails apps really points out the importance of being able to downgrade Apache. Having a server upgrade break sites and then having absolutely no way of fixing them short of a full-server restore (downtime and data loss) is an extremely uncomfortable position in which to be.

    The same issue applies for MySQL upgrades. Being unable to rollback a borked upgrade is a recipe for disaster. IMO.

    Edited to add: A possible solution for the EasyApache issue might be to list n-2 versions on the initial EasyApache page. Instead of automagically always grabbing the latest version, the script could list the latest and a couple of earlier versions from which to execute, e.g.:

    * 3.32.3
    * 3.32.2
    * 3.32.1

    This would be a feature that would make me 'love you long time'.
     
  7. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,126
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
  8. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,130
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello guys. I can confirm this issue is breaking login/register pages for Magento sites and also breaking redirects for cache plugins in WordPress. Thus, I have almost 45 unusable websites right now. PLEASE I NEED A BUGFIX ASAP.
     
  9. Dhaupin

    Dhaupin Member

    Joined:
    Jan 3, 2014
    Messages:
    20
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Hmm i agree with this, why cant we rollback apache version in EA(3/4)? I was modernizing some htaccess for some stores, setting up to roll in a different MPM, and stumbled randomly upon this thread. We are still on 2.4.16 so if i would have rolled the new MPM then EA(3) would have forced 2.4.17 upon our serv, possibly resulting in many many thousands of broken rewrites....or worse, as Kent Brockman is saying.
     
  10. LBJ

    LBJ Well-Known Member

    Joined:
    Nov 1, 2003
    Messages:
    56
    Likes Received:
    0
    Trophy Points:
    6
    G'day Kent,

    Are you running FastCGI?

    We encountered the known issue with Concrete5 sites on all Apache 2.4.17 servers with PHP 5.5.30, and applied the fix to config/site.php which immediately brought them back to life, but we've not seen any issues with WordPress.

    We run suPHP with cgi.fix_pathinfo set to the default of 1. We have many hundreds of WordPress sites, but no Magento or Rails installations. Until I read your post, I had assumed the impact was only moderate, which is what our support tickets have also suggested.

    Best regards,

    LBJ
     
  11. chposter

    chposter Active Member

    Joined:
    May 9, 2011
    Messages:
    39
    Likes Received:
    1
    Trophy Points:
    8
    Hello

    I can confirm all issues

    - Phusion passenger fails : mod_autoindex revert patch needed
    - Fastcgi broken in the reported way. I have not tested this but.


    I can not understand how a minor apache update can break so many things. How is posible that you update 16->17 and potencially all apps from your server are dead, apache?

    Cpanel guys, you must allow 2.4.16 in my opinion until this BIG problem is sorted out.
     
  12. cPJacob

    cPJacob cPanel Product Owner
    Staff Member

    Joined:
    May 2, 2014
    Messages:
    509
    Likes Received:
    65
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Hi,

    We are aware of these problems and we're monitoring these issues currently. There's a few options present that we're looking at:
    1> Revert to 2.4.16. This will cause a lot of issues as we've also upgraded APR to 1.5.2, so those will both require downgrades. Also, there was a CVE assigned with the 1.5.2 update, so rolling back would bring back some vulnerabilities.
    2> Attempt to custom patch and fix these issues ourselves. This would take a while to complete.
    3> Wait for Apache developers to submit fixes for these problems, and then release those patches ourselves in a release.

    We're not really able to offer multiple versions of EA, as building in this support would take longer than just fixing the issues themselves. Thanks for these reports! Please, keep them coming as well. We know about Concrete 5 issues with REDIRECT_URL coming from PHPs SCRIPT_NAME functions, and we're also aware of the Phusion Passenger issues with mod_autoindex. We haven't come across or heard of any issues with WordPress or the like, so if you notice issues there, please ensure there's an upstream Apache bug present so they can work on fixing those issues.

    Thanks everyone for the information!
     
  13. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Can I throw out another idea?

    How about letting users compile Apache themselves? Set up a page where cPanel details and lists the patches they apply to Apache. Then server administrators can download Apache from apache.org, download the patches, apply the patches, run ./configure, run make, run make install and then they have whatever version of Apache they want to have installed.

    This would be more straight-forward than always having to go through EasyApache. Granted, it may only be for the more experienced server administrators, but it would be an option.
     
  14. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,126
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    There is one other idea that nobody has mentioned. I can't take credit for it, though. I had the pleasure of having dinner with several folks from cPanel last night, and one of the attendees was none other than Mr. cPanel himself, Nick Koston. He said "You could rerun EasyApache and choose Apache 2.2." -- well, there you go!! Sure enough, this REDIRECT_URL change was not backported to 2.2! While Apache 2.2 isn't ideal, it should fix the problem at hand, without introducing any new issues (other than edge cases). Then... when Apache (hopefully) fixes this issue, and a 2.4.18 comes out, you just rerun EA, and choose 2.4.18 and off you go!

    - Scott
     
  15. cPJacob

    cPJacob cPanel Product Owner
    Staff Member

    Joined:
    May 2, 2014
    Messages:
    509
    Likes Received:
    65
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Absolutely, one way to get rid of these issues would be to downgrade to Apache 2.2.

    In regards to custom compiles of Apache, you can accomplish this on your own, by adding a pre-script for EA that removes those patches and doesn't build them in. Note that this is custom and that not including those patches may cause instability in other areas.
     
  16. Trane Francks

    Trane Francks Well-Known Member

    Joined:
    Jun 19, 2012
    Messages:
    56
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Machida, Tokyo, Japan
    cPanel Access Level:
    Root Administrator
    For folks awaiting a Rails solution, Phusion will release a fix for the problem in Passenger 5.0.22.
     
  17. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,126
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    I see that Apache is currently asking for feedback on what to do about the REDIRECT_URL change. Specifically, they are asking if they should...
    1. Leave it to PHP (to fix)?
    2. Introduce yet another env var?
    3. Introduce a flag to switch between the two?
    4. Other (please specify?)
    See: Bug 57785 – REDIRECT_URL is not suitable for use in server-generated pages (requires creation of account to add a comment)
     
  18. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,130
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello people, I continue finding problems with different kind of sites. Is there any update or fix to this issue?
    How can I roll back to Apache 2.4.16??? It used to work perfectly!
     
  19. cPJacob

    cPJacob cPanel Product Owner
    Staff Member

    Joined:
    May 2, 2014
    Messages:
    509
    Likes Received:
    65
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Hi,

    We're looking at the possibility of rolling Apache back to 2.4.16 and leaving APR at 1.5.2. We're testing this out now, and we hope to have this EA build released by Monday / Tuesday at the latest. We'll keep this thread updated as we know more. Thanks!
     
    eva2000, sneader and phph like this.
  20. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,130
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    Great, thanks! (Can't wait) :)
     
Loading...

Share This Page