Koozali.org: home of the SME Server

odd browser problem just surfaced, could it be SME related?

Offline wdepot

  • ***
  • 89
  • +0/-0
    • http://westerndepot.com
odd browser problem just surfaced, could it be SME related?
« on: August 17, 2022, 12:43:16 AM »
We've just begun running into an odd problem with our web server, or at least I'm wondering if it is due to a recent update in SME server 10. Our server hosts three domains westerndepot.com, westerndepot.store which is just another name for westerndepot.com that we added due to problems with DNS hijacking, and sierraplaza.com. Westerndepot.com and westerndepot.store are both pointed to the Primary ibay and sierraplaza.com goes to a separate ibay.

Just today we discovered that Microsoft Edge and Google Chrome are changing westerndepot.com and westerndepot.store into the IP address for the server in the address bar and truncating anything that comes after the first / so for instance westerndepot.com/specials.php gets changed to just the IP address which means people can only access the main page of the site. However sierraplaza.com works just fine in both browsers. We also have no problem fully accessing any of the sites if we use Firefox or Opera.

The server is fully up to date and no one reported this problem until today. Is it possible that one of the recent updates for SME Server could have tweaked something and caused this problem or should I look elsewhere to find a solution.

Offline Jean-Philippe Pialasse

  • *
  • 2,743
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: odd browser problem just surfaced, could it be SME related?
« Reply #1 on: August 17, 2022, 01:56:26 AM »
any change on the Primary ibay like a new .htaccess

any contribs?

any custom-template?


what handles the dns for your clients? SME ?

are the client on wan or lan?

Installation mode for SME?

help us to help you.  no crystal ball here.

Offline Jean-Philippe Pialasse

  • *
  • 2,743
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: odd browser problem just surfaced, could it be SME related?
« Reply #2 on: August 17, 2022, 02:09:25 AM »
looking at it
www.westerndepot.com.   243   IN   A   172.64.80.1
westerndepot.com.   243   IN   A   172.64.80.1
westerndepot.store.   243   IN   A   172.64.80.1
www.westerndepot.store.   243   IN   A   172.64.80.1
172.64.80.1 is cloudflare ip


http://westerndepot.com redirects 301 to https://westerndepot.com/
which 302 redirects via a cloudflare request to http://69.173.134.163
which answers 200 OK and give me a blank page
<html><head></head>
<body>
<center>
</center></body></html>

I would say you have issue with your cloudflare configuration

Offline wdepot

  • ***
  • 89
  • +0/-0
    • http://westerndepot.com
Re: odd browser problem just surfaced, could it be SME related?
« Reply #3 on: August 17, 2022, 10:50:15 PM »
looking at it
www.westerndepot.com.   243   IN   A   172.64.80.1
westerndepot.com.   243   IN   A   172.64.80.1
westerndepot.store.   243   IN   A   172.64.80.1
www.westerndepot.store.   243   IN   A   172.64.80.1
172.64.80.1 is cloudflare ip


http://westerndepot.com redirects 301 to https://westerndepot.com/
which 302 redirects via a cloudflare request to http://69.173.134.163
which answers 200 OK and give me a blank page
<html><head></head>
<body>
<center>
</center></body></html>

I would say you have issue with your cloudflare configuration

I tried accessing our site from home last night and had no problem using Firefox while Edge and Chrome were sending me to 98.238.194.121 which is owned by Comcast (and NOT the IP assigned to our server by Comcast I might add) while the 69.173.134.163 you got sent to is owned by Oricom Internet so I think some DNS hijacking is going on somewhere in those cases.

Here at work where I was testing the issue before I posted this thread our computers get their DNS from our server since they are on the LAN side. Everyone else, including our customers who reported the issue in the first place would be getting DNS from their ISP except those few that have done a manual config of DNS to someplace else. Cloudflare proxies the IP address for our server to guard against DDOS attacks and supposedly provides some cache service for static pages which probably doesn't really apply since the site in question is entirely PHP.

I think we can rule out SME Server causing the problem since when I returned to work this morning I was able the access the site properly using both Edge and Chrome. No changes were made to the server at all. This afternoon after returning from lunch I checked again and they were both back to converting it to 74.93.177.20 (the actual external IP for the server) so I would say the problem has something to do with the Chromium based browsers. I don't know if there is a Browser directive that could be added to httpd.conf to address the issue or not but I suspect the problem is simply out of our control like the DNS hijacking issue which is highly annoying, not to mention bad for business.

Offline Jean-Philippe Pialasse

  • *
  • 2,743
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: odd browser problem just surfaced, could it be SME related?
« Reply #4 on: August 18, 2022, 12:36:43 AM »
I have tested further, and the ip it get send to is the IP of the visitor.

I was able to see your website once on multiple clients, the minute I try to access it again, I gey redirected to my own ip on every devices I tried and different connexions.

check your httaccess and website settings, I think you have set wrong a redirection to the client ip instead of one of your domain

could also be in cloudflare but I will accuse first a httaccess or custom setting on your website or webserver

no dns hijacking

Offline Jean-Philippe Pialasse

  • *
  • 2,743
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: odd browser problem just surfaced, could it be SME related?
« Reply #5 on: August 18, 2022, 12:51:59 AM »
only difference between your office and the outside is inside SME Server should be giving DNS while it is cloudflare on the outside.
Also you might have some rules in a httaccess file or in a custom template redirecting based on the ip.

Offline wdepot

  • ***
  • 89
  • +0/-0
    • http://westerndepot.com
Re: odd browser problem just surfaced, could it be SME related?
« Reply #6 on: August 19, 2022, 12:09:53 AM »
I have tested further, and the ip it get send to is the IP of the visitor.

I was able to see your website once on multiple clients, the minute I try to access it again, I gey redirected to my own ip on every devices I tried and different connexions.

check your httaccess and website settings, I think you have set wrong a redirection to the client ip instead of one of your domain

could also be in cloudflare but I will accuse first a httaccess or custom setting on your website or webserver

no dns hijacking

There is no .htaccess file in the Primary ibay where the site resides. I was also under the impression that SME Server blocked the use of htaccess files by default.

As for custom templates causing the issue I highly doubt it but here is the list of all of them for the httpd.conf file with their contents:

35SSL10SSLHonorCipherOrder contains:
Code: [Select]
SSLHonorCipherOrder on

35SSL30SSLProtocol contains:
Code: [Select]
{
# Specify which SSL Protocols to accept for this context
}
SSLProtocol all -SSLv2 -SSLv3 -TLSv1

75AddTypesAV contains:
Code: [Select]
#   MIME-types for audio and video
#
# Audio
AddType audio/mp4                 m4a f4a f4b
AddType audio/ogg                 oga ogg

# JavaScript
# Normalize to standard type (it's sniffed in IE anyways):
# http://tools.ietf.org/html/rfc4329#section-7.2
AddType application/javascript    js jsonp
AddType application/json          json

# Video
AddType video/mp4                 mp4 m4v f4v f4p
AddType video/ogg                 ogv
AddType video/webm                webm
AddType video/x-flv               flv

# Web fonts
AddType application/font-woff                       woff
AddType application/vnd.ms-fontobject               eot

# Browsers usually ignore the font MIME types and sniff the content,
# however, Chrome shows a warning if other MIME types are used for the
# following fonts.
AddType application/x-font-ttf                      ttc ttf
AddType font/opentype                               otf

# Make SVGZ fonts work on iPad:
# https://twitter.com/FontSquirrel/status/14855840545
AddType     image/svg+xml                           svg svgz
AddEncoding gzip                                    svgz

90e-smithAccess40ibays contains:
Code: [Select]
#------------------------------------------------------------
# Information bay directories
# override file that defaults iBays to indexes disabled
# place this file in /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
#------------------------------------------------------------

{
    use esmith::AccountsDB;
    my $adb = esmith::AccountsDB->open_ro();
    $OUT = "";
    foreach my $ibay ($adb->ibays)
    {
my %properties = $ibay->props;
my $key = $ibay->key;
#------------------------------------------------------------
# Figure out which combination of parameters to use. If
# PublicAccess parameter is present, this is e-smith 4.0.
# Otherwise, it's e-smith 3.0.
#------------------------------------------------------------

my $allow;
my $pass;
my $satisfy;

if ($properties{'PublicAccess'})
{
    if ($properties{'PublicAccess'} eq 'none')
    {
next;
    }
    elsif ($properties{'PublicAccess'} eq 'local')
    {
$allow   = $localAccess;
$pass    = 0;
$satisfy = 'all';
    }
    elsif ($properties{'PublicAccess'} eq 'local-pw')
    {
$allow   = $localAccess;
$pass    = 1;
$satisfy = 'all';
    }
    elsif ($properties{'PublicAccess'} eq 'global')
    {
$allow   = 'all';
$pass    = 0;
$satisfy = 'all';
    }
    elsif ($properties{'PublicAccess'} eq 'global-pw')
    {
$allow   = 'all';
$pass    = 1;
$satisfy = 'all';
    }
    elsif ($properties{'PublicAccess'} eq 'global-pw-remote')
    {
$allow   = $localAccess;
$pass    = 1;
$satisfy = 'any';
    }
}
elsif ($properties {'ReadAccess'} eq 'global')
{
    if ($properties {'UsePassword'} eq 'yes')
    {
$allow   = 'all';
$pass    = 1;
$satisfy = 'all';
    }
    else
    {
$allow   = 'all';
$pass    = 0;
$satisfy = 'all';
    }
}
else
{
    if ($properties {'UsePassword'} eq 'yes')
    {
$allow   = $localAccess;
$pass    = 1;
$satisfy = 'all';
    }
    else
    {
$allow   = $localAccess;
$pass    = 0;
$satisfy = 'all';
    }
}


my $allowOverride = $properties{'AllowOverride'} || "None";
my $dynamicContent = $properties{'CgiBin'} || "disabled";
my $followSymLinks = $properties{'FollowSymLinks'} || "disabled";
my $indexes = $properties{'Indexes'} || "disabled";
$OUT .= "\n";
$OUT .= "#------------------------------------------------------------\n";
$OUT .= "# $key ibay directories ($properties{'Name'})\n";
$OUT .= "#------------------------------------------------------------\n";

$OUT .= "\n";
$OUT .= "<Directory /home/e-smith/files/ibays/$key/html>\n";
$OUT .= "    ErrorDocument 400 /http_error.php?error_id=400\n";
$OUT .= "    ErrorDocument 401 /http_error.php?error_id=401\n";
$OUT .= "    ErrorDocument 403 /http_error.php?error_id=403\n";
$OUT .= "    ErrorDocument 404 /http_error.php?error_id=404\n";
$OUT .= "    ErrorDocument 405 /http_error.php?error_id=405\n";
$OUT .= "    ErrorDocument 408 /http_error.php?error_id=408\n";
$OUT .= "    ErrorDocument 415 /http_error.php?error_id=415\n";
$OUT .= "    ErrorDocument 416 /http_error.php?error_id=416\n";
$OUT .= "    ErrorDocument 417 /http_error.php?error_id=417\n";
$OUT .= "    ErrorDocument 500 /http_error.php?error_id=500\n";
$OUT .= "    ErrorDocument 501 /http_error.php?error_id=501\n";
$OUT .= "    ErrorDocument 502 /http_error.php?error_id=502\n";
$OUT .= "    ErrorDocument 503 /http_error.php?error_id=503\n";
$OUT .= "    ErrorDocument 504 /http_error.php?error_id=504\n";
$OUT .= "    ErrorDocument 505 /http_error.php?error_id=505\n";
$OUT .= "    Options None\n";
$OUT .= "    Options +Indexes\n" if ($indexes eq 'enabled');
$OUT .= "    Options +FollowSymLinks\n" if ($followSymLinks eq 'enabled');
if ($dynamicContent eq 'enabled')
{
    $OUT .= "    Options +Includes\n";
}
else
{
    $OUT .= "    DirectoryIndex index.htm index.html\n";
    $OUT .= "    Options +IncludesNOEXEC\n";
    $OUT .= "    <FilesMatch \"\\.(php|php3|phtml)\$\">\n";
    $OUT .= "        order deny,allow\n";
    $OUT .= "        Deny from all\n";
    $OUT .= "    </FilesMatch>\n";
}
$OUT .= "    AllowOverride $allowOverride\n";
$OUT .= "    order deny,allow\n";
$OUT .= "    deny from all\n";
$OUT .= "    allow from $allow\n";
if ($pass)
{
    $OUT .= "    AuthName \"$properties{'Name'}\"\n";
    $OUT .= "    AuthType Basic\n";
    $OUT .= "    AuthExternal pwauth\n";
    $OUT .= "    require user $key\n";
    $OUT .= "    Satisfy $satisfy\n";
}

if (($properties{PHPRegisterGlobals} || 'disabled') eq 'enabled')
{
    $OUT .= "    php_flag register_globals on\n";
}
$OUT .= "</Directory>\n";

$OUT .= "\n";
$OUT .= "<Directory /home/e-smith/files/ibays/$key/cgi-bin>\n";
if ($dynamicContent eq 'enabled')
{
    $OUT .= "    Options ExecCGI\n";
}
$OUT .= "    AllowOverride None\n";
$OUT .= "    order deny,allow\n";
$OUT .= "    deny from all\n";
$OUT .= "    allow from $allow\n";
if ($pass)
{
    $OUT .= "    AuthName \"$properties{'Name'}\"\n";
    $OUT .= "    AuthType Basic\n";
    $OUT .= "    AuthExternal pwauth\n";
    $OUT .= "    require user $key\n";
    $OUT .= "    Satisfy $satisfy\n";
}
$OUT .= "</Directory>\n";

$OUT .= "\n";
$OUT .= "<Directory /home/e-smith/files/ibays/$key/files>\n";
$OUT .= "    AllowOverride None\n";
$OUT .= "    order deny,allow\n";
$OUT .= "    deny from all\n";
$OUT .= "    allow from $allow\n";
if ($pass)
{
    $OUT .= "    AuthName \"$properties{'Name'}\"\n";
    $OUT .= "    AuthType Basic\n";
    $OUT .= "    AuthExternal pwauth\n";
    $OUT .= "    require user $key\n";
    $OUT .= "    Satisfy $satisfy\n";
}
$OUT .= "</Directory>\n";
    }
}

91e-smithAccessPrimarysubdirs contains:
Code: [Select]
#------------------------------------------------------------
# Primary Information bay limited subdirectories
# place this file in /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
#------------------------------------------------------------

<Directory /home/e-smith/files/ibays/Primary/html/adminstrator>
    Options None
    Options +Includes
    SSLRequireSSL
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1 10.0.3.0/255.255.255.0
    AuthType Basic
    AuthBasicProvider external
    AuthName "WD Site Admin"
    AuthExternal pwauth
    Require user admin
    Satisfy any
</Directory>

and finally 92Expires contains:
Code: [Select]
#------------------------------------------------------------
# File Type Expiration
# place this file in /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
#------------------------------------------------------------

<IfModule expires_module>
ExpiresActive On
ExpiresDefault "access plus 10 days"
ExpiresByType text/html "access plus 2 days"
ExpiresByType image/gif "access plus 60 days"
ExpiresByType image/jpg "access plus 60 days"
ExpiresByType image/png "access plus 60 days"
ExpiresByType application/javascript "access plus 60 days"
ExpiresByType text/css "access plus 60 days"
ExpiresByType image/x-icon "access plus 60 days"
</IfModule>

Unless you count the ErrorDocument settings you can see there are no redirects of any kind in my custom templates.

Just in case it helps here are the database settings for the primary ibay:
Code: [Select]
[root@www ~]# db accounts show Primary
Primary=ibay
    AllowUrlFopen=enabled
    AllowUrlfOpen=enabled
    CgiBin=enabled
    DisabledFunctions=show_source,symlink,dl,shell_exec,passthru,escapeshellcmd,phpinfo
    Group=shared
    Indexes=disabled
    MailForceSender=info@westerndepot.com
    MaxExecutionTime=120
    MaxFileUpload=50
    MemoryLimit=348M
    Modifiable=no
    Name=Primary i-bay
    PasswordSet=no
    Passwordable=no
    PostMaxSize=200M
    PublicAccess=global
    Removable=no
    SSLRequireSSL=disabled
    UploadMaxFilesize=40M
    UserAccess=wr-admin-rd-group

Frankly I'm not seeing anything on the server that would be causing the problem. Besides that I would think a server setting would affect all browsers and not just some of them which I what I am running into when trying access from my computer on the server's local network here with only Edge and Chrome ever having any problem accessing the site.

I don't know of any contributions that would cause server redirects but here is a complete list of what is installed just in case: Sendmail-Wrapper, Letsencrypt, Webhosting, Hardware Info, AWStats, Fail2ban, Mod Deflate, PHPMyAdmin, Vacation.

I also have the scripts from the DAR2 contribution installed for better backups since they work with SME10 even though the server panel doesn't. Those were copied over from our server when it was still running SME9 and tested on our SME10 test server before I actually used them. I found I only needed to add one folder to the backup configuration for the scripts in order for them to work properly under SME10. It's too bad that contribution didn't get updated for SME10.

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: odd browser problem just surfaced, could it be SME related?
« Reply #7 on: August 19, 2022, 08:13:10 PM »
Run these and paste the output.

Code: [Select]
/sbin/e-smith/audittools/newrpms
/sbin/e-smith/audittools/templates

(The debug part in server-manager does similar)

Quote
It's too bad that contribution didn't get updated for SME10

Not sure of the status but please remember there is a collective responsibility here. It's the communities problem. Not just a few devs.

If it is important to you, get involved and help. We are few, with very limited time - most of us who are active do it in our spare time.

We do what we need first. We help those who help us out as best we can.

Everything else gets done as and when we get time or inclination to look at it. We currently have a huge list of things to do on the backend, as well as trying to build V11.

You don't have to code. There are lots of other things that need doing.

Just volunteer and get involved.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline wdepot

  • ***
  • 89
  • +0/-0
    • http://westerndepot.com
Re: odd browser problem just surfaced, could it be SME related?
« Reply #8 on: August 19, 2022, 08:56:56 PM »
Run these and paste the output.

Code: [Select]
/sbin/e-smith/audittools/newrpms
/sbin/e-smith/audittools/templates

(The debug part in server-manager does similar)
Code: [Select]
[root@www ~]# /sbin/e-smith/audittools/newrpms
Loaded plugins: fastestmirror, post-transaction-actions, priorities, smeserver
Loading mirror speeds from cached hostfile
 * base: linux.mirrors.es.net
 * smeaddons: mirror.canada.pialasse.com
 * smeos: mirror.canada.pialasse.com
 * smeupdates: mirror.canada.pialasse.com
 * updates: centos-distro.cavecreek.net
Extra Packages
GeoIP.x86_64                             1.6.12-9.el7.sme           @smecontribs
GeoIP-GeoLite-data.noarch                2018.06-7.el7.sme          @smecontribs
GeoIP-GeoLite-data-extra.noarch          2018.06-7.el7.sme          @smecontribs
awstats.noarch                           7.8-2.el7                  @smecontribs
fail2ban-sendmail.noarch                 0.11.2-3.el7               @smecontribs
fail2ban-server.noarch                   0.11.2-3.el7               @smecontribs
perl-Data-Validate-IP.noarch             0.27-13.el7                @smecontribs
perl-Geo-IP.x86_64                       1.45-1.of.el7              @smecontribs
phpMyAdmin.noarch                        5.1.0-1.el7.sme            @smecontribs
smeserver-awstats.noarch                 1.4-5.el7.sme              @smecontribs
smeserver-diskusage.noarch               0.2.0-5.el7.sme            @smecontribs
smeserver-fail2ban.noarch                9:0.1.18-30.el7.sme        @smecontribs
smeserver-hwinfo.noarch                  1.2-5.el7.sme              @smecontribs
smeserver-mod_dav.noarch                 1.1-7.el7.sme              @smecontribs
smeserver-mod_deflate.noarch             1.2-4.el7.sme              @smecontribs
smeserver-phpmyadmin.noarch              4.0.10.2-11.el7.sme        @smecontribs
smeserver-sendmail-wrapper.noarch        0.1-5.el7.sme              @smecontribs
smeserver-vacation.noarch                1.1-34.el7.sme             @smecontribs
smeserver-webhosting.noarch              0.0.9-15.el7.sme           @smecontribs
Code: [Select]
[root@www ~]# /sbin/e-smith/audittools/templates
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/90e-smithAccess40ibays: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/75AddTypesAV: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/35SSL10SSLHonorCipherOrder: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/92Expires: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/91e-smithAccessPrimarysubdirs: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/35SSL30SSLProtocol: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/etc/php.ini/90WesternDepotSpecific: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/opt/remi/php74/php.ini/90WesternDepotSpecific: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/opt/remi/php80/php.ini/90WesternDepotSpecific: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/opt/remi/php81/php.ini/90WesternDepotSpecific: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/var/qmail/control/defaulthost: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/var/qmail/control/bouncehost: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/var/qmail/control/envnoathost: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/var/qmail/control/helohost: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/var/qmail/control/doublebouncehost: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/var/qmail/control/me: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates/etc/dar2/dar2-backup/00setup: MANUALLY_ADDED
/etc/e-smith/templates/etc/dar2/dar2-backup/10Compression: MANUALLY_ADDED
/etc/e-smith/templates/etc/dar2/dar2-backup/10Default: MANUALLY_ADDED
/etc/e-smith/templates/etc/dar2/dar2-backup/10Exclude: MANUALLY_ADDED
/etc/e-smith/templates/etc/dar2/dar2-backup/10Prune: MANUALLY_ADDED
/etc/e-smith/templates/etc/dar2/dar2-backup/10Slice: MANUALLY_ADDED
/etc/e-smith/templates/etc/dar2/dar2-backup/10Verbose: MANUALLY_ADDED
/etc/e-smith/templates/etc/dar2/dar2-backup/10Backup: MANUALLY_ADDED
/etc/e-smith/templates/etc/dar2/dar2-restore/00setup: MANUALLY_ADDED
/etc/e-smith/templates/etc/dar2/dar2-restore/10Default: MANUALLY_ADDED
/etc/e-smith/templates/etc/dar2/dar2-restore/10Restore: MANUALLY_ADDED
/etc/e-smith/templates/etc/dar2/dar2-restore/10RestoreTo: MANUALLY_ADDED

Offline Jean-Philippe Pialasse

  • *
  • 2,743
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: odd browser problem just surfaced, could it be SME related?
« Reply #9 on: August 19, 2022, 09:54:43 PM »
re dar2 :
most of the contribs that have been asked to be ported have been.

no one did asked for it until this thread

if you want it ported asap please help by opening a bug and by specifying what works and what fails.
also giving the workaround you used would make it quicker.


Offline wdepot

  • ***
  • 89
  • +0/-0
    • http://westerndepot.com
Re: odd browser problem just surfaced, could it be SME related?
« Reply #10 on: August 19, 2022, 11:27:31 PM »
re dar2 :
most of the contribs that have been asked to be ported have been.

no one did asked for it until this thread

if you want it ported asap please help by opening a bug and by specifying what works and what fails.
also giving the workaround you used would make it quicker.
Is there a way to load an SME9 contribution into SME10 using yum? If so I would be happy to check DAR2 out to see what works in the SME control panel. I didn't know that was possible or I probably would have tried it a long time ago.

I've tested all of the scripts except the one for Midnight Commander which I never have used at any time anyway and they and the templates it installs that are used by the scripts work just fine. The only thing I had to do was add etc/backup-data.d to the list of folders being backed up by the SME9 contrib for it to properly cover SME10 which I did using
Code: [Select]
db dar2 setprop (backupname) Backup (comma separated list of folders to back up)since I didn't know I could try loading the contribution in SME10 as this is something I would have set in the SME control panel under SME9.

The main reasons I liked it rather than the built in SME backup was that I could set all aspects of the backup directly from the server manager control panel without having to manually do a db setting for some properties such as slice size like you do with the SME backup. Best of all it allowed you to set up as many different backups as you wanted, both manual and automatic, instead of just one which is my main beef with the built in SME backup. Frankly if those features of the DAR2 contribution were added to the built in SME backup I'd be happy.

Offline TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
Re: odd browser problem just surfaced, could it be SME related?
« Reply #11 on: August 20, 2022, 12:28:53 AM »
Is there a way to load an SME9 contribution into SME10 using yum? If so I would be happy to check DAR2 out to see what works in the SME control panel. I didn't know that was possible or I probably would have tried it a long time ago.

is dar2 even a sme9 contrib? AFAIK only sme8

http://mirror.canada.pialasse.com/releases/obsolete/8/smecontribs/x86_64/RPMS/smeserver-dar2-0.0.1-34.el5.sme.noarch.rpm

wget and try a local install...not confident of success
--
qui scribit bis legit

Offline TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
--
qui scribit bis legit

Offline wdepot

  • ***
  • 89
  • +0/-0
    • http://westerndepot.com
Re: odd browser problem just surfaced, could it be SME related?
« Reply #13 on: August 20, 2022, 12:54:32 AM »
aha, stephdl has an sme9 one on his repo
https://mirror.de-labrusse.fr/smeserver/6/noarch/smeserver-dar2-0.0.3-1.el6.sme.noarch.rpm

Since I've never done a wget and local install before, tell me if I have correctly guessed the process for doing it.

First I cd to the folder where I want to store the RPM file.
Then I
Code: [Select]
wget https://mirror.de-labrusse.fr/smeserver/6/noarch/smeserver-dar2-0.0.3-1.el6.sme.noarch.rpmFinally I would
Code: [Select]
yum install smeserver-dar2-0.0.3-1.el6.sme.noarch.rpm

Offline Jean-Philippe Pialasse

  • *
  • 2,743
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: odd browser problem just surfaced, could it be SME related?
« Reply #14 on: August 20, 2022, 01:26:43 AM »
panel can not load on sme10 for a sme9 or before contrib because of suid perl not available anymore


regarding your templates
- 91e-smithAccessPrimarysubdirs

will break your httpd with next update

-90e-smithAccess40ibays
will break also, and i highly suggest not overriding such essential fragment to add error page and rather add a fragment in Virtualhost folder with a condition based on domain


35SSL10SSLHonorCipherOrder exist already with a way to set what you want using db. set accordingly and remove the custom fragment to avoid issue if syntax change in a new release. 


is suspect 92Expires is **part of** the problem as after 2 days i am able to see your website once and then not anymore if i hit refresh or click another link to it.
also remember you have cloudflare doing caching for you in between when not behind your lan. 

speaking of cloudflare have you checked your settings there and compared to those of your other ibay which is working? I pointed multiple time in that direction and you never replied. 


regarding your php.ini override remember sme is using php-fpm all you do in php.ini is overrided by php-fpm so custom fragment are probably useles and might interfer with cli calls

regarding qmail custom fragment most of then have configurable setting via db.


the more custom you do the more risk of breaking on update you have 


Offline TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
Re: odd browser problem just surfaced, could it be SME related?
« Reply #15 on: August 20, 2022, 02:04:19 AM »
Since I've never done a wget and local install before, tell me if I have correctly guessed the process for doing it.

First I cd to the folder where I want to store the RPM file.
Then I
Code: [Select]
wget https://mirror.de-labrusse.fr/smeserver/6/noarch/smeserver-dar2-0.0.3-1.el6.sme.noarch.rpmFinally I would
Code: [Select]
yum install smeserver-dar2-0.0.3-1.el6.sme.noarch.rpm

I usually try and keep it as foolproof as possible :-) yum localinstall /tmp/rpm_name.rpm although localinstall was supposed to only be needed on el5, el6 just install

see JPs warnings, if you want to play best to use a test VM and NOT a prod system
--
qui scribit bis legit

Offline TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
Re: odd browser problem just surfaced, could it be SME related?
« Reply #16 on: August 20, 2022, 06:52:01 AM »
 DAR2 contrib has been added to smecontribs for SME10  see wiki for details https://wiki.koozali.org/DAR2

Please, any who have the need and are prepared to do a little extra curricula activity see Bug 12153 for intial port to sme10 
--
qui scribit bis legit

Offline wdepot

  • ***
  • 89
  • +0/-0
    • http://westerndepot.com
Re: odd browser problem just surfaced, could it be SME related?
« Reply #17 on: August 23, 2022, 01:04:21 AM »
panel can not load on sme10 for a sme9 or before contrib because of suid perl not available anymore


regarding your templates
- 91e-smithAccessPrimarysubdirs

will break your httpd with next update

-90e-smithAccess40ibays
will break also, and i highly suggest not overriding such essential fragment to add error page and rather add a fragment in Virtualhost folder with a condition based on domain


35SSL10SSLHonorCipherOrder exist already with a way to set what you want using db. set accordingly and remove the custom fragment to avoid issue if syntax change in a new release. 


is suspect 92Expires is **part of** the problem as after 2 days i am able to see your website once and then not anymore if i hit refresh or click another link to it.
also remember you have cloudflare doing caching for you in between when not behind your lan. 

speaking of cloudflare have you checked your settings there and compared to those of your other ibay which is working? I pointed multiple time in that direction and you never replied. 


regarding your php.ini override remember sme is using php-fpm all you do in php.ini is overrided by php-fpm so custom fragment are probably useles and might interfer with cli calls

regarding qmail custom fragment most of then have configurable setting via db.


the more custom you do the more risk of breaking on update you have

To answer the question about Cloudflare first, I've checked those settings every time someone reported a problem to us and they have never changed. The settings on all three domains match one another so I doubt that the problem lies there.

I've dumped the custom template for mod_expires. I had added it after reading somewhere that recommended adding this to reduce file requests to the server from browsers. Since you suspected it might be causing a problem and since our server is never under much of a load anyway I figured that we could do without it.

I also took a look at the original SME CipherOrder template and found the db property to set so I've dumped that custom template as well. Since I had to copy the custom php.ini fragment into the opt/remi/php## custom template folders for those settings to work in the ibays it makes sense to do like you said and drop it from the /etc custom template. When I get a chance I'll see what I can figure out for the qmail db settings.

The questions I have are about the other two templates that you said will cause problems. For setting the custom error document I can see where that could break due to the modification of an existing SME template. Can I do something like this instead:
Code: [Select]
<Directory /home/e-smith/files/ibays/Primary/html>
ErrorDocument statements
</Directory>
<Directory /home/e-smith/files/ibays/sierraplaza/html>
ErrorDocument statements
</Directory>
and then name that custom template something like 9999ErrorDocs to make sure it gets added to the bottom of the httpd.conf file below anything written by the SME master templates?

You also say that 91e-smithAccessPrimarysubdirs will break httpd on the next update. It this due to the name of the template that will cause it to end up in the middle of some future settings that it shouldn't be in and a rename to put it below SME added items will fix it or is there another problem with it? Also are you referring to the next update of SME10 or is it the upcoming SME11 that it will break?

Offline Jean-Philippe Pialasse

  • *
  • 2,743
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: odd browser problem just surfaced, could it be SME related?
« Reply #18 on: August 23, 2022, 02:43:34 AM »
the issue with your custom template will arise with 10.1 update coming soon. 



I have found what create your issue.  this is the double redirection in your ibay.

I can point to the .store oneget back refresh. quit the page and come back it works everytime. 
as soon as i go to the .com, first click on a link brings you to .store and from there whatever you do you get stuck with browsing your own ip.

i would either have cloudflare handle the redirection, either move the .com to another ibay and redirect from there.

you could also check how you do the redirection. apache redirect or apache mod rewrite. 

Offline wdepot

  • ***
  • 89
  • +0/-0
    • http://westerndepot.com
Re: odd browser problem just surfaced, could it be SME related?
« Reply #19 on: August 24, 2022, 01:27:24 AM »
the issue with your custom template will arise with 10.1 update coming soon. 



I have found what create your issue.  this is the double redirection in your ibay.

I can point to the .store one get back refresh. quit the page and come back it works everytime. 
as soon as i go to the .com, first click on a link brings you to .store and from there whatever you do you get stuck with browsing your own ip.

i would either have cloudflare handle the redirection, either move the .com to another ibay and redirect from there.

you could also check how you do the redirection. apache redirect or apache mod rewrite.
I think I've got the httpd.conf custom templates figured out now. I've got it trimmed down to three of them.

75AddTypesAV which you didn't comment on so I assume it will be fine.

ZZe-smithAccessPrimarysubdirs which contains the following to secure our web site administration page:
Code: [Select]
<Directory /home/e-smith/files/ibays/Primary/html/administration>
    Options None
    Options +Includes
    SSLRequireSSL
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1 10.0.3.0/255.255.255.0
    AuthType Basic
    AuthBasicProvider external
    AuthName "WD Site Admin"
    AuthExternal pwauth
    Require user admin
    Satisfy any
</Directory>
All I did with this file was rename it to something that should place it below any templates that SME might add in future updates. Let me know if there is anything in this file that might cause problems in the future and please be specific about exactly what it is that would cause a problem.

The final custom template for httpd.conf is ZYerrorDocsibays which contains:
Code: [Select]
<Directory /home/e-smith/files/ibays/Primary/html>
    ErrorDocument 400 /http_error.php?error_id=400
    ErrorDocument 401 /http_error.php?error_id=401
    ErrorDocument 403 /http_error.php?error_id=403
    ErrorDocument 404 /http_error.php?error_id=404
    ErrorDocument 405 /http_error.php?error_id=405
    ErrorDocument 408 /http_error.php?error_id=408
    ErrorDocument 415 /http_error.php?error_id=415
    ErrorDocument 416 /http_error.php?error_id=416
    ErrorDocument 417 /http_error.php?error_id=417
    ErrorDocument 500 /http_error.php?error_id=500
    ErrorDocument 501 /http_error.php?error_id=501
    ErrorDocument 502 /http_error.php?error_id=502
    ErrorDocument 503 /http_error.php?error_id=503
    ErrorDocument 504 /http_error.php?error_id=504
    ErrorDocument 505 /http_error.php?error_id=505
</Directory>
<Directory /home/e-smith/files/ibays/sierraplaza/html>
    ErrorDocument 400 /http_error.php?error_id=400
    ErrorDocument 401 /http_error.php?error_id=401
    ErrorDocument 403 /http_error.php?error_id=403
    ErrorDocument 404 /http_error.php?error_id=404
    ErrorDocument 405 /http_error.php?error_id=405
    ErrorDocument 408 /http_error.php?error_id=408
    ErrorDocument 415 /http_error.php?error_id=415
    ErrorDocument 416 /http_error.php?error_id=416
    ErrorDocument 417 /http_error.php?error_id=417
    ErrorDocument 500 /http_error.php?error_id=500
    ErrorDocument 501 /http_error.php?error_id=501
    ErrorDocument 502 /http_error.php?error_id=502
    ErrorDocument 503 /http_error.php?error_id=503
    ErrorDocument 504 /http_error.php?error_id=504
    ErrorDocument 505 /http_error.php?error_id=505
</Directory>
I tested this particular code on our test server and found it correctly triggers the error page so I got rid of the 90e-smithAccess40ibays custom template that would have caused problems with future updates.

I also took a look to find the proper db settings to force the use of only TLS1.1 or higher so I was able to get rid of that custom template. I'm guessing that since openSSL was updated to version 1.1.1 that the SSL cipher list for SME10 was updated to prefer TLS1.3 ciphers first.

So that brings us back to the problem I posted about in the first place. I'm confused about what you mean by double redirection in the ibay. Other than the fact that I have pointed both westerndepot.com and westerndepot.store to the primary ibay I have set no redirects of any kind in Apache. In fact I made sure to turn off forced SSL under Apache because that immediately created problems for anyone that tried to connect without SSL. The fact that all links within the site are set as https switches to SSL soon enough to suit our needs.

Granted all of the links and the cookie domain are set as westerndepot.store by the site but I would have thought that clicking one of the links when the site is accessed as westerndepot.com would have had essentially the same effect as clicking on a link to a different site entirely. Do you think I need to have PHP check to see whether the site has been accessed as westerndepot.com or westerndepot.store and then set the links accordingly? I'd just need to check the PHP $_SYSTEM variable to see which domain was used to access the site and have it set the defines for the site domain based on that.

Offline Jean-Philippe Pialasse

  • *
  • 2,743
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: odd browser problem just surfaced, could it be SME related?
« Reply #20 on: August 24, 2022, 02:29:37 AM »
as long as you use a redirector such as cloudflare, you need to keep that simple on your side. 

cloudflare is already spoofing your dns by telling he acts as your domain and then probably reverse proxy to your server.

adding more internal rewriting in the same ibay make it a reciepe for disaster.  keep it simple like your other website. 

put the .com ok a desicated ibay with either a php script or a httpd configuration to redirect all .store before accessing the website.  I think it will be kiss and will solve the issue. 

Offline wdepot

  • ***
  • 89
  • +0/-0
    • http://westerndepot.com
Re: odd browser problem just surfaced, could it be SME related?
« Reply #21 on: August 24, 2022, 08:19:19 PM »
as long as you use a redirector such as cloudflare, you need to keep that simple on your side. 

cloudflare is already spoofing your dns by telling he acts as your domain and then probably reverse proxy to your server.

adding more internal rewriting in the same ibay make it a reciepe for disaster.  keep it simple like your other website. 

put the .com ok a desicated ibay with either a php script or a httpd configuration to redirect all .store before accessing the website.  I think it will be kiss and will solve the issue.
I think I may have found the source of the problem. I was taking a look at the contents of the PHP $_SERVER variable this morning and found three different parts of the variable that reflect the way the site was accessed: SERVER_NAME, HTTP_HOST and SCRIPT_URI. With the standard SME settings all three reflected exactly the way the site was accessed so if I used www.westerndepot.com they all three would contain www.westerndepot.com. If I used westerndepot.store they would all three contain westerndepot.store and if I directly used the IP address then all three contained the IP address.

However when I looked at the online manual for the PHP $_SERVER variable I discovered this note:
Quote
'SERVER_NAME'
    The name of the server host under which the current script is executing. If the script is running on a virtual host, this will be the value defined for that virtual host.

        Note: Under Apache 2, you must set UseCanonicalName = On and ServerName. Otherwise, this value reflects the hostname supplied by the client, which can be spoofed. It is not safe to rely on this value in security-dependent contexts.
That prompted me to look at the contents of http.conf where I discovered that UseCanonicalName was turned off. I found the SME template for this setting and saw that the off is hard coded and not set by a db variable. I therefore copied that SME template to templates-custom and changed the off to on.

With UseCanonicalName now turned on HTTP_HOST still matches what was used to access the site but SERVER_NAME and SCRIPT_URI contain westerndepot.com if the site is accessed using westerndepot.com, www.westerndepot.com or the IP address and they contain westerndepot.store if accessed using either westerndepot.store or www.westerndepot.store.

All links on the web site are created from the following bit of code:
Code: [Select]
  define('HTTP_SERVER', 'https://westerndepot.store');
  define('HTTPS_SERVER', 'https://westerndepot.store');
  define('HTTP_COOKIE_DOMAIN', 'westerndepot.store');
  define('HTTPS_COOKIE_DOMAIN', 'westerndepot.store');
And I had been thinking of doing something like this:
Code: [Select]
if (stripos($_SERVER['SERVER_NAME'], 'westerndepot.com') !== false) {
  define('HTTP_SERVER', 'https://westerndepot.com');
  define('HTTPS_SERVER', 'https://westerndepot.com');
  define('HTTP_COOKIE_DOMAIN', 'westerndepot.com');
  define('HTTPS_COOKIE_DOMAIN', 'westerndepot.com');
} else {
  define('HTTP_SERVER', 'https://westerndepot.store');
  define('HTTPS_SERVER', 'https://westerndepot.store');
  define('HTTP_COOKIE_DOMAIN', 'westerndepot.store');
  define('HTTPS_COOKIE_DOMAIN', 'westerndepot.store');
}
to match the links to the way the site was accessed but with UseCanonicalName now turned on I'm not sure that I need to do that now. What is happening with the site on your end now that the usage of Canonical Names has been forced on?

Offline Jean-Philippe Pialasse

  • *
  • 2,743
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: odd browser problem just surfaced, could it be SME related?
« Reply #22 on: August 25, 2022, 03:05:10 AM »
you are doing things to create situations like the current one and also are harming your website reputation by dividing the traffic between two domains with exactly the same content. 

this is bad for two reasons :

- you get half visitor or so on each domains. 

- also having a website that looks like a duplicate reduce a lot the rating for google and other search engine. 

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: odd browser problem just surfaced, could it be SME related?
« Reply #23 on: August 25, 2022, 12:26:33 PM »
you are doing things to create situations like the current one and also are harming your website reputation by dividing the traffic between two domains with exactly the same content. 

Yup. Almost becoming a XY Info problem.

Quote
- also having a website that looks like a duplicate reduce a lot the rating for google and other search engine.

Yup. You will get clattered for doing this. A number of years ago Google went to town on skin sites and the like. They are pretty good at spotting sites that are mainly just duplicates with maybe a thin skin on top, both at the same address, and at different addresses.

Do one site. If you want a second, you need to make it substantially different.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline wdepot

  • ***
  • 89
  • +0/-0
    • http://westerndepot.com
Re: odd browser problem just surfaced, could it be SME related?
« Reply #24 on: August 25, 2022, 11:04:02 PM »
you are doing things to create situations like the current one and also are harming your website reputation by dividing the traffic between two domains with exactly the same content. 

this is bad for two reasons :

- you get half visitor or so on each domains. 

- also having a website that looks like a duplicate reduce a lot the rating for google and other search engine.
We never have advertised westerndepot.store or used that domain in our Google Product Feed. The only real reason we applied for it in the first place was because people were getting directed to odd places when trying to connect to westerndepot.com even though our DNS settings with Cloudflare had never changed. In those cases would tell them to try connecting to westerndepot.store instead.

I've permanently set all links on our site back to westerndepot.com and  have changed the DNS records with Cloudflare for westerndepot.store from A records pointing to our server to CNAME records pointing to westerndepot.com. With that done should I delete the westerndepot.store domain from our server or do I need to leave it there?

Offline Jean-Philippe Pialasse

  • *
  • 2,743
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: odd browser problem just surfaced, could it be SME related?
« Reply #25 on: August 25, 2022, 11:12:59 PM »
with all that done you still need to setup the store domain to a separate ibay and set it the way you want to redirect to .com.

as long as you have your domain pointing to your server the default will be to point to primary ibay unless set otherwise. 

again if it point to your website, google will naturally explore it and find out it is a duplicate.  you do not have to declare it to google , it will occur.

wether you declare it a cname or A it wil still end to your ip and then your website unless specified otherwise to your apache config ie, having domain pointed to another ibay stating wait we redirect you to .com

Offline wdepot

  • ***
  • 89
  • +0/-0
    • http://westerndepot.com
Re: odd browser problem just surfaced, could it be SME related?
« Reply #26 on: August 26, 2022, 01:08:59 AM »
with all that done you still need to setup the store domain to a separate ibay and set it the way you want to redirect to .com.

as long as you have your domain pointing to your server the default will be to point to primary ibay unless set otherwise. 

again if it point to your website, google will naturally explore it and find out it is a duplicate.  you do not have to declare it to google , it will occur.

whether you declare it a cname or A it wil still end to your ip and then your website unless specified otherwise to your apache config ie, having domain pointed to another ibay stating wait we redirect you to .com
Okay, I've created a new ibay specifically for westerndepot.store. Now how do I redirect any traffic that might go to it to the same file on westerndepot.com. In other words:
Code: [Select]
westerndepot.store/index.php?cpath=456 to westerndepot.com/index.php?cpath=456
westerndepot.store/specials.php to westerndepot.com/specials.php
and so forth.

I'm not seeing anything in server-manager under either Information Bays or I-Bays Web Hosting that would set this up so I'm assuming that I will need a custom template for Apache to add the needed redirect. I just have no idea how to word it.

Oh, and I just got a call from a guy reporting that he was getting a "server at 108.204.251.233 took too long to respond" when trying to access westerndepot.com so something is still screwed up somewhere since that IP is owned by AT&T not us. The DNS settings at Cloudflare haven't been changed so something else is causing the problem.

Offline Jean-Philippe Pialasse

  • *
  • 2,743
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: odd browser problem just surfaced, could it be SME related?
« Reply #27 on: August 26, 2022, 04:14:52 AM »
Code: [Select]
# host westerndepot.com
westerndepot.com has address 104.21.80.147
westerndepot.com has address 172.67.223.182
westerndepot.com has IPv6 address 2606:4700:3032::ac43:dfb6
westerndepot.com has IPv6 address 2606:4700:3037::6815:5093
westerndepot.com mail is handled by 10 mail.westerndepot.com.


while round robin dns is a thing, from my experience, you should not play with that because most often than needed the browser will pick the wrong ip

if your server is 104.21.80.147 , then remove 172.67.223.182 or vice et versa.


for what I tested, this works with 172.67.223.182, so I guess you need to tidy your DNS... again at cloudflare, as they are your NS.

for the redirection check the internet for either
httpd Redirect

or
httpd mod rewrite

either put it in a htaccess file or in a template custom.
also rather than an ibray you can also set your domain with its dedicated virtual host template see wiki for that.

Code: [Select]
# host westerndepot.store
westerndepot.store has address 188.114.96.0
westerndepot.store has address 188.114.97.0
westerndepot.store has IPv6 address 2a06:98c1:3121::
westerndepot.store has IPv6 address 2a06:98c1:3120::
westerndepot.store mail is handled by 10 mail.westerndepot.com.


Offline wdepot

  • ***
  • 89
  • +0/-0
    • http://westerndepot.com
Re: odd browser problem just surfaced, could it be SME related?
« Reply #28 on: August 26, 2022, 11:59:19 PM »
Code: [Select]
# host westerndepot.com
westerndepot.com has address 104.21.80.147
westerndepot.com has address 172.67.223.182
westerndepot.com has IPv6 address 2606:4700:3032::ac43:dfb6
westerndepot.com has IPv6 address 2606:4700:3037::6815:5093
westerndepot.com mail is handled by 10 mail.westerndepot.com.


while round robin dns is a thing, from my experience, you should not play with that because most often than needed the browser will pick the wrong ip

if your server is 104.21.80.147 , then remove 172.67.223.182 or vice et versa.


for what I tested, this works with 172.67.223.182, so I guess you need to tidy your DNS... again at cloudflare, as they are your NS.

for the redirection check the internet for either
httpd Redirect

or
httpd mod rewrite

either put it in a htaccess file or in a template custom.
also rather than an ibray you can also set your domain with its dedicated virtual host template see wiki for that.

Code: [Select]
# host westerndepot.store
westerndepot.store has address 188.114.96.0
westerndepot.store has address 188.114.97.0
westerndepot.store has IPv6 address 2a06:98c1:3121::
westerndepot.store has IPv6 address 2a06:98c1:3120::
westerndepot.store mail is handled by 10 mail.westerndepot.com.

The IP addresses you listed are all proxy IPs from Cloudflare.

I thought I found the proper code for the redirect but I am having a problem with it. I created a new custom template for httpd.conf named ZXredirectWesterndepotStore which contains the following:
Code: [Select]
<Directory /home/e-smith/files/ibays/store/html>
    RewriteEngine On
    RewriteRule ^(.*)$ https://westerndepot.com/$1 [R=301,L]
</Directory>
Once I did an expand-template on httpd.conf and a signal-event console-save I pointed westerndepot.store to the store ibay. The settings for this ibay are as follows:
Group admin
Write=admin Read=group
Public Access entire internet (no passwords)
Dynamic Content disabled
Force Secure disabled
and in web hosting I changed Directory Listing to disabled and left everything else at the default.

The problem now is that when I tested accessing anything using westerndepot.store all I get is a Forbidden error message. I could see a Not Found message with the redirect apparently not working properly since there is nothing in the ibay but the Forbidden message is puzzling since that ibay should be publicly readable with no password. What did I do wrong?
For now, until it can get resolved, I'm going to temporarily switch westerndepot.store back to the Primary ibay since I'm getting flooded with email messages from Fail2Ban due to this problem.

I had one thought occur to me last night. Is it possible that running westerndepot.com from the Primary ibay might have something to do with some people getting sent to odd IP addresses when trying to access the site? After all that is the ibay that is used if you put the IP address for the server into a web browser. We've been running westerndepot.com in the Primary ibay since the days of SME6 and didn't start having the problem reported to us until about halfway through the lifetime of SME9 so is it possible that some change to Apache could have started causing an occasional glitch with the IP and domain pointed to the same ibay? Would it be worth moving westerndepot.com from Primary to a new ibay?

Offline Jean-Philippe Pialasse

  • *
  • 2,743
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: odd browser problem just surfaced, could it be SME related?
« Reply #29 on: August 27, 2022, 03:54:31 AM »
thousand server are running using primary ibay without issue. 

the chances are higher that the more you add layer to you setting the more you hack things to make it seem to work as you intend.

the code you show to alter the server variable might work with one situation and just fails when one arrives thru 2 proxy (one from cloudflare and their own. ) or any other situation. 


regarding the current rewrite rule.  what are the setting of your ibay before the rule is added?
what is the httpd error log content when trying to access?

Offline wdepot

  • ***
  • 89
  • +0/-0
    • http://westerndepot.com
Re: odd browser problem just surfaced, could it be SME related?
« Reply #30 on: August 30, 2022, 01:27:40 AM »
thousand server are running using primary ibay without issue. 

the chances are higher that the more you add layer to you setting the more you hack things to make it seem to work as you intend.

the code you show to alter the server variable might work with one situation and just fails when one arrives thru 2 proxy (one from cloudflare and their own. ) or any other situation. 


regarding the current rewrite rule.  what are the setting of your ibay before the rule is added?
what is the httpd error log content when trying to access?

I hadn't thought to check the http error log. The rewrite was failing because FollowSymbolicLinks was turned off for the store ibay. Once I turned that on the redirect from westerndepot.store to westerndepot.com worked fine.

After doing some reading about the difference between Rewrite and Redirect I've changed the code for the redirect to:
Code: [Select]
<Directory /home/e-smith/files/ibays/store/html>
    RedirectMatch permanent ^/(.*)$ https://westerndepot.com/$1
</Directory>
since that forces the browser to immediately change from westerndepot.store to westerndepot.com rather than just connecting it to westerndepot.com via proxy.

Unfortunately here on the local end of the server Chrome is still changing westerndepot.com into the server's IP address and dropping everything after the .com. Every other web browser works fine. That makes me wonder if people from outside the local network are still going to have some problems when connecting if using Chrome. Are there any server logs you can think of that might provide some insight into this?