Request exceeded the limit of 10 internal redirects

sehh

Well-Known Member
Feb 11, 2006
579
6
168
Europe
Hello everyone,

I've had this issue in the past with EA3 but I stumbled on it again with EA4.

All my servers showed a considerable amount of internal redirect errors, in the /etc/apache2/logs/error_log file. The error looks like:

Code:
AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
Upon further investigation, I found the following redirection issue:

public_html/.htaccess matches a rewriterule: RewriteRule .* - [F] (F=forbidden with 403 error)
redirected to cPanel error document handler /403.shtml
apache file not found for 403.shtml, redirect to 404 not found
apache file not found for 404.shtml, redirect to 404 not found
etc until it hits 10 redirections then 500 error

So, based on the above redirection mess, when a hosted website gives a 403 (forbidden) error, it ends up doing 10 redirections and gives up with 500 error in the logs (user still gets a 403 I believe).

The solutions:

1) force all hosted sites to have (400 to 510).shtml files, and/or at least 404.shtml to avoid all those redirections.

2) delete the cperror.conf and errordocument.conf from apache's configuration and re-create httpd.conf and restart apache.

3) maybe cPanel could allow the admin to disable custom error redirects from the Apache configuration in WHM?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,220
463
Upon further investigation, I found the following redirection issue:

public_html/.htaccess matches a rewriterule: RewriteRule .* - [F] (F=forbidden with 403 error)
Hello,

Would you mind sharing the full contents of that .htaccess file, excluding any real domain names or IP addresses?

Thank you.
 

splaquet

Well-Known Member
Sep 24, 2008
53
3
58
W. Hartford, CT
cPanel Access Level
Root Administrator
Twitter
i'm actually running into that same error. fortunately, i've been burning the midnight oil and have caught it over the last week or so. i'd preferably like to get back onto a normal sleeping schedule ;)

i'm not well verse in Linux, Apache, etc etc. Unfortunately, most of my experience comes from researching and trial & error.

With this specific error, i noticed the exact same situation shortly after i upgraded to worker & EA4.

the problem is that that line in the .htaccess file is the line that WordPress and/or the iThemes Security plugin that's inserted into the file. it inserts it whenever a user activates pretty permalinks.

Again, I'm really not able to say that this is what the problem really is. After tracking things through and putting pieces together, this is what i've deduced. I'm seeing it on a lot of my sites... and 90% or more are wordpress driven, so they have this part in the .htaccess file.

here's the exact code chunk:

Code:
    <IfModule mod_rewrite.c>
        RewriteEngine On

        # Protect System Files - Security > Settings > System Tweaks > System Files
        RewriteRule ^wp-admin/includes/ - [F]
        RewriteRule !^wp-includes/ - [S=3]
        RewriteCond %{SCRIPT_FILENAME} !^(.*)wp-includes/ms-files.php
        RewriteRule ^wp-includes/[^/]+\.php$ - [F]
        RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
        RewriteRule ^wp-includes/theme-compat/ - [F]

        # Disable PHP in Uploads - Security > Settings > System Tweaks > Uploads
        RewriteRule ^wp\-content/uploads/.*\.(?:php[1-6]?|pht|phtml?)$ - [NC,F]

        # Filter Request Methods - Security > Settings > System Tweaks > Request Methods
        RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
        RewriteRule ^.* - [F]

        # Filter Suspicious Query Strings in the URL - Security > Settings > System Tweaks > Suspicious Query Strings
        RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
        RewriteCond %{QUERY_STRING} ^.*\.(bash|git|hg|log|svn|swp|cvs) [NC,OR]
        RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
        RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
        RewriteCond %{QUERY_STRING} ftp\:  [NC,OR]
        RewriteCond %{QUERY_STRING} http\:  [NC,OR]
        RewriteCond %{QUERY_STRING} https\:  [NC,OR]
        RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
        RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
        RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
        RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
        RewriteCond %{QUERY_STRING} ^.*(127\.0).* [NC,OR]
        RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
        RewriteCond %{QUERY_STRING} ^.*(request|concat|insert|union|declare).* [NC]
        RewriteCond %{QUERY_STRING} !^loggedout=true
        RewriteCond %{QUERY_STRING} !^action=jetpack-sso
        RewriteCond %{QUERY_STRING} !^action=rp
        RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
        RewriteCond %{HTTP_REFERER} !^http://maps\.googleapis\.com(.*)$
        RewriteRule ^.* - [F]

        # Filter Non-English Characters - Security > Settings > System Tweaks > Non-English Characters
        RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F).* [NC]
        RewriteRule ^.* - [F]
    </IfModule>
# END iThemes Security - Do not modify or remove this line

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
And here's a chunk of my Apache error logs:

Code:
[Thu Oct 20 04:26:51.175037 2016] [core:error] [pid 31045:tid 140677115520768] [client 37.187.151.101:50354] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Thu Oct 20 04:26:51.352106 2016] [core:error] [pid 31043:tid 140677014808320] [client 37.187.151.101:50395] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Thu Oct 20 04:26:51.530124 2016] [core:error] [pid 31047:tid 140677132306176] [client 37.187.151.101:50443] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Thu Oct 20 04:26:51.708679 2016] [core:error] [pid 31048:tid 140677140698880] [client 37.187.151.101:50485] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Thu Oct 20 04:26:51.886960 2016] [core:error] [pid 31044:tid 140677115520768] [client 37.187.151.101:50536] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Thu Oct 20 04:26:52.062835 2016] [core:error] [pid 31046:tid 140677157484288] [client 37.187.151.101:50586] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Thu Oct 20 04:29:27.837714 2016] [core:error] [pid 31045:tid 140677006415616] [client 91.199.212.132:35810] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Thu Oct 20 04:29:31.019187 2016] [core:error] [pid 31046:tid 140677014808320] [client 91.199.212.132:35985] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Thu Oct 20 04:29:31.342807 2016] [core:error] [pid 31043:tid 140676989630208] [client 91.199.212.132:36016] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Thu Oct 20 04:30:11.460093 2016] [authz_core:error] [pid 31046:tid 140677140698880] [client 173.255.233.124:49136] AH01630: client denied by server configuration: /home/fishbone/public_html/readme.html
[Thu Oct 20 04:30:13.393308 2016] [autoindex:error] [pid 31043:tid 140676989630208] [client 173.255.233.124:49226] AH01276: Cannot serve directory /home/fishbone/public_html/wp-includes/css/: No matching DirectoryIndex (index.php,index.htm,index.html,index.shtml,index.xhtml,index.html.var,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive
WordPress database error Out of resources when opening file '/tmp/#sql_778b_0.MAD' (Errcode: 24 "Too many open files") for query SHOW FULL COLUMNS FROM `wp_wfHits` made by wfLog->logHit, wfModel->save, wfModel->insert
WordPress database error Out of resources when opening file '/tmp/#sql_778b_0.MAD' (Errcode: 24 "Too many open files") for query SHOW FULL COLUMNS FROM `wp_wfHits` made by wfLog->logHit, wfModel->save, wfModel->insert
WordPress database error Out of resources when opening file '/tmp/#sql_778b_0.MAD' (Errcode: 24 "Too many open files") for query SHOW FULL COLUMNS FROM `wp_wfHits` made by wfLog->logHit, wfModel->save, wfModel->insert
[Thu Oct 20 04:30:46.338619 2016] [authz_core:error] [pid 31046:tid 140677140698880] [client 202.137.213.208:51539] AH01630: client denied by server configuration: /home/thebroad/public_html/wp-admin/install.php
[Thu Oct 20 04:30:46.773305 2016] [authz_core:error] [pid 31046:tid 140677140698880] [client 202.137.213.208:51539] AH01630: client denied by server configuration: /home/thebroad/public_html/wp-admin/install.php
[Thu Oct 20 04:30:52.318278 2016] [core:error] [pid 31048:tid 140677140698880] [client 192.0.86.187:38021] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Thu Oct 20 04:30:52.318305 2016] [core:error] [pid 31048:tid 140677140698880] [client 192.0.86.187:38021] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
Long story short, I kinda hope that I'm correct... and I'm also kinda hoping that that'll lead to a way for me to resolve the issue. No more 4am crashes.

Side note, I'd almost guess that it's search engine bots coming through things. It's consistently at the same time nightly for me and it goes through a lot of pages and folders that wouldn't have much interest to the gen pop.
 
Last edited:

splaquet

Well-Known Member
Sep 24, 2008
53
3
58
W. Hartford, CT
cPanel Access Level
Root Administrator
Twitter
  • Like
Reactions: cPanelMichael