The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Easy Apache 4 500 on some websites.

Discussion in 'EasyApache' started by Michael A. Hartmann, Aug 1, 2016.

  1. Michael A. Hartmann

    Joined:
    Aug 1, 2016
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    White Lake, Mi
    cPanel Access Level:
    Website Owner
    I have seen many articles on upgrading from EA3 to EA4 but I can not find any pre or post instructions to upgrading.

    I am using WHM 58 on Centos 6. I attempted to upgrade to EA4 in which it did upgrade with quite a few modsec errors. I imagine that may need to be shut off? I am not sure how in this version to be honest.

    I was getting 500 errors on about 60% of the websites. I do not know how to find out what errors it is exactly. I could not figure out why some websites worked and why some had the 500 error.

    After upgrading I found that all the 'Multiphp manager' values had totally different values than what I had in Php.INI. Mostly Memory limits and im not sure if the /path/to/pear is supposed to be left blank.

    Upon updating the Memory_limits to what they were before and restarting the server, I was still getting error 500s. After tweaking different values, the best I could get was a blank website.
    These errors are in wordpress. A PhpInfo test page worked on the websites. However, Wordpress would not work, nor would "RainLoop". Note: Wordpress had matching memory limits in its config.

    After a few hours of giving up, and the need to get the websites back online, I rolled back to EA3. The rollback completed, but again with ModSec "red" errors in SSH. Despite that, the websites are working with EA3 being reverted. However, I would like to attempt it again, with a little better information on what steps to take for a successful upgrade.

    Thank you
     
  2. cPJacob

    cPJacob cPanel Product Owner
    Staff Member

    Joined:
    May 2, 2014
    Messages:
    508
    Likes Received:
    64
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Morning!

    After migrating to EA4, the main log to check is '/var/log/apache2/error_log'. This will show the reasons why those errors were getting a 500 ISE.

    You're right about the php.ini values, we don't currently migrate those from EA3. We have a case open to migrate user php.ini to EA4 style php.ini, and we hope to have this in v58 in the near future.

    Mainly, it's most likely the php.ini settings between EA3 and EA4 that aren't converted that's causing the issue. Tailing the log while refreshing the sites will show what's going on.

    Please let us know how it goes! If you like, open up a support ticket and we'll help you through those issues, and open up cases if we can find an improvement / bug in the processes.

    Thanks for giving EA4 a shot!
     
  3. Michael A. Hartmann

    Joined:
    Aug 1, 2016
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    White Lake, Mi
    cPanel Access Level:
    Website Owner
    I found errors like this only when EP4 was active:

    [Removed - Please Use Code Tags and ensure real domain names are excluded]
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    649
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you review Guide to Opening an Effective Forums Thread to ensure you are posting output in the correct format? In particular, ensure you use CODE tags and remove any real domain names or hostnames. Also, you only need to post the error once if it's the same error message throughout the output.

    Thank you.
     
  5. Michael A. Hartmann

    Joined:
    Aug 1, 2016
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    White Lake, Mi
    cPanel Access Level:
    Website Owner
    I have changed the Ip Addresses and domain names to prevent intruders.

    I am getting the following errors on EA4:

    Code:
    [Sun Jul 31 16:58:35.085463 2016] [ssl:error] [pid 4083:tid 140401651611616] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=server.mine.com,OU=PositiveSSL,OU=Domain Control Validated / issuer: CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB / serial: XXXXXXXXXX / notbefore: Oct 10 00:00:00 2015 GMT / notafter: Oct  9 23:59:59 2016 GMT]
    [Sun Jul 31 16:58:35.085583 2016] [ssl:error] [pid 4083:tid 140401651611616] AH02567: Unable to configure certificate server.mine.com:443:0 for stapling
    [Sun Jul 31 16:58:35.087098 2016] [:notice] [pid 4083:tid 140401651611616] ModSecurity for Apache/2.9.0 (http://www.modsecurity.org/) configured.
    [Sun Jul 31 16:58:35.087126 2016] [:notice] [pid 4083:tid 140401651611616] ModSecurity: APR compiled version="1.5.2"; loaded version="1.5.2"
    [Sun Jul 31 16:58:35.087140 2016] [:notice] [pid 4083:tid 140401651611616] ModSecurity: PCRE compiled version="7.8 "; loaded version="7.8 2008-09-05"
    [Sun Jul 31 16:58:35.087148 2016] [:notice] [pid 4083:tid 140401651611616] ModSecurity: LUA compiled version="Lua 5.1"
    [Sun Jul 31 16:58:35.087154 2016] [:notice] [pid 4083:tid 140401651611616] ModSecurity: LIBXML compiled version="2.7.6"
    [Sun Jul 31 16:58:35.087161 2016] [:notice] [pid 4083:tid 140401651611616] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
    [Sun Jul 31 16:58:35.087896 2016] [suexec:notice] [pid 4083:tid 140401651611616] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
    [Sun Jul 31 16:58:35.133971 2016] [auth_digest:notice] [pid 4084:tid 140401651611616] AH01757: generating secret for digest authentication ...
    [Sun Jul 31 16:58:35.135573 2016] [ssl:error] [pid 4084:tid 140401651611616] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=server.mine.com,OU=PositiveSSL,OU=Domain Control Validated / issuer: CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB / serial: XXXXXX / notbefore: Oct 10 00:00:00 2015 GMT / notafter: Oct  9 23:59:59 2016 GMT]
    [Sun Jul 31 16:58:35.135596 2016] [ssl:error] [pid 4084:tid 140401651611616] AH02567: Unable to configure certificate server.mine.com:443:0 for stapling
    [Sun Jul 31 16:58:35.160817 2016] [mpm_worker:notice] [pid 4084:tid 140401651611616] AH00292: Apache/2.4.23 (cPanel) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 configured -- resuming normal operations
    [Sun Jul 31 16:58:35.160875 2016] [core:notice] [pid 4084:tid 140401651611616] AH00094: Command line: '/usr/sbin/httpd'
    [Sun Jul 31 16:58:39.285241 2016] [auth_digest:notice] [pid 4084:tid 140401651611616] AH01757: generating secret for digest authentication ...
    [Sun Jul 31 16:58:39.286624 2016] [ssl:error] [pid 4084:tid 140401651611616] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=server.mine.com,OU=PositiveSSL,OU=Domain Control Validated / issuer: CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB / serial: XXXXXXXXXXXXXXXXXXXXXX / notbefore: Oct 10 00:00:00 2015 GMT / notafter: Oct  9 23:59:59 2016 GMT]
    [Sun Jul 31 16:58:39.286645 2016] [ssl:error] [pid 4084:tid 140401651611616] AH02567: Unable to configure certificate server.mine.com:443:0 for stapling
    [Sun Jul 31 16:58:39.300750 2016] [mpm_worker:notice] [pid 4084:tid 140401651611616] AH00292: Apache/2.4.23 (cPanel) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 configured -- resuming normal operations
    [Sun Jul 31 16:58:39.300785 2016] [core:notice] [pid 4084:tid 140401651611616] AH00094: Command line: '/usr/sbin/httpd'
    [Sun Jul 31 16:59:10.487955 2016] [:error] [pid 4349:tid 140401418364672] [client 108.162.246.194] ModSecurity: Warning. Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP/rules/RESPONSE-50-DATA-LEAKAGES.conf"] [line "14"] [id "970901"] [rev "3"] [msg "The Application Returned a 500-Level Status Code"] [data "Matched Data: 500 found within RESPONSE_STATUS: 500"] [severity "ERROR"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "Host: website.org"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-information disclosure"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [hostname "website.org"] [uri "/index.php"] [unique_id "V55mnoItdP4prcoG@74uSQAAAMA"]
    [Sun Jul 31 16:59:10.493650 2016] [:error] [pid 4349:tid 140401418364672] [client 108.162.246.194] ModSecurity: Warning. Operator GE matched 4 at TX:outbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP/rules/RESPONSE-80-CORRELATION.conf"] [line "37"] [id "981205"] [msg "Outbound Anomaly Score Exceeded (score 4): The Application Returned a 500-Level Status Code"] [tag "Host: website.org"] [tag "event-correlation"] [hostname "website.org"] [uri "/index.php"] [unique_id "V55mnoItdP4prcoG@74uSQAAAMA"]
    [Sun Jul 31 16:59:11.376728 2016] [:error] [pid 4321:tid 140401418364672] [client 108.162.246.219] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "11.11.11.11_xxxxxxxxxxxxxxxxxxxxxxx"): Internal error (specific information not available) [hostname "website.org"] [uri "/index.php"] [unique_id "V55mnlugIlQRu3a5Hc60IQAAAIA"]
    [Sun Jul 31 16:59:14.014864 2016] [:error] [pid 4377:tid 140401418364672] [client 108.162.246.194] ModSecurity: Warning. Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP/rules/RESPONSE-50-DATA-LEAKAGES.conf"] [line "14"] [id "970901"] [rev "3"] [msg "The Application Returned a 500-Level Status Code"] [data "Matched Data: 500 found within RESPONSE_STATUS: 500"] [severity "ERROR"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "Host: website.org"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-information disclosure"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [hostname "website.org"] [uri "/index.php"] [unique_id "V55moSvcRwYZ1W8E07wuugAAAQA"]
    [Sun Jul 31 16:59:14.020745 2016] [:error] [pid 4377:tid 140401418364672] [client 108.162.246.194] ModSecurity: Warning. Operator GE matched 4 at TX:outbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP/rules/RESPONSE-80-CORRELATION.conf"] [line "37"] [id "981205"] [msg "Outbound Anomaly Score Exceeded (score 4): The Application Returned a 500-Level Status Code"] [tag "Host: website.org"] [tag "event-correlation"] [hostname "website.org"] [uri "/index.php"] [unique_id "V55moSvcRwYZ1W8E07wuugAAAQA"]
    [Sun Jul 31 16:59:34.260571 2016] [:error] [pid 4293:tid 140401340053248] [client 108.162.246.194] ModSecurity: Warning. Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP/rules/RESPONSE-50-DATA-LEAKAGES.conf"] [line "14"] [id "970901"] [rev "3"] [msg "The Application Returned a 500-Level Status Code"] [data "Matched Data: 500 found within RESPONSE_STATUS: 500"] [severity "ERROR"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "Host: website.org"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-information disclosure"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [hostname "website.org"] [uri "/index.php"] [unique_id "V55mtr5IZ6lFQD4yaCYbSgAAAEE"]
    [Sun Jul 31 16:59:34.266747 2016] [:error] [pid 4293:tid 140401340053248] [client 108.162.246.194] ModSecurity: Warning. Operator GE matched 4 at TX:outbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP/rules/RESPONSE-80-CORRELATION.conf"] [line "37"] [id "981205"] [msg "Outbound Anomaly Score Exceeded (score 4): The Application Returned a 500-Level Status Code"] [tag "Host: website.org"] [tag "event-correlation"] [hostname "website.org"] [uri "/index.php"] [unique_id "V55mtr5IZ6lFQD4yaCYbSgAAAEE"]
    
    Note: SSL cert doesn't expire till October. I just found the AutoSSL Feature in v58, although it was turned off at the time.
    Other errors:
    Code:
    [line "37"] [id "981205"] [msg "Outbound Anomaly Score Exceeded (score 4): The Application Returned a 500-Level Status Code"] [tag "Host: website3.org"] 
    and finally:
    Code:
    [id "981205"] [msg "Outbound Anomaly Score Exceeded (score 4): The Application Returned a 500-Level Status Code"] [tag "Host: website.org"] [tag "event-correlation"] [hostname "website.org"] [uri "/wp-admin/index.php"] [unique_id "V55rGdriO7sJO4KggfhJdAAAABU"]
    [Sun Jul 31 17:18:47.023357 2016] [core:error] [pid 2943:tid 140092574189312] [client 24.128.162.8:4188] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://website2.org/wp-admin/network/admin.php?page=available-tools
    [Sun Jul 31 17:18:47.023403 2016] 
    I have not had any errors in the log since I reverted to EA3 with the exception that the SSL is now messed up. I am attempting to use the AutoSSL feature to use the certs there instead.
     
  6. cPJacob

    cPJacob cPanel Product Owner
    Staff Member

    Joined:
    May 2, 2014
    Messages:
    508
    Likes Received:
    64
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Hi,

    I think the one you found stands out, in that EA3 those rewrites work and in EA4 they don't. What version of Apache are you running on EA3? If it's 2.2, I'd ask if those rules work on 2.4. If they don't, they'll need to be adjusted.
     
  7. Michael A. Hartmann

    Joined:
    Aug 1, 2016
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    White Lake, Mi
    cPanel Access Level:
    Website Owner
    I am using 2.4 Are you thinking there an issue with .htacess?

    The rewrites on the website I am most concerned about has the following rewrite blocks:
    iThemes Security
    HackRepair.com Blacklist,
    Abuse HTTP Referrer Blocking,
    Ban Hosts,
    mod_authz_core.c blocks
    Disable Directory Browsing
    Reduce Comment Spam

    # WordPress SEO - XML Sitemap Rewrite Fix
    # W3TC Browser Cache/Core
    # WordPress PermaLink


    Outside of Wordpress, Rainloop throws the following on EA4, but not EA3.
    Code:
    Call to undefined function json_encode
     
    #7 Michael A. Hartmann, Aug 1, 2016
    Last edited by a moderator: Aug 7, 2016
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    649
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  9. Michael A. Hartmann

    Joined:
    Aug 1, 2016
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    White Lake, Mi
    cPanel Access Level:
    Website Owner
    Before I attempt to upgrade again, I would like to know if Mod Sec and CloudFlare are supposed to be disabled before running the upgrade script.
     
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    649
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    You don't have to disable Mod_Security or existing Mod_Security rules unless you are using custom rules that are not compatible with Apache 2.4. There's a document on using Mod_Security on EasyApache 4 at:

    Apache Module: ModSecurity - EasyApache 4 - cPanel Documentation

    For CloudFlare, you can ensure it's installed after the conversion to EasyApache 4 by following the instructions on the following document:

    Apache Module: CloudFlare - EasyApache 4 - cPanel Documentation

    Let us know if you have any questions.

    Thanks!
     
Loading...

Share This Page