Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Insight / Help (Non-CPG?)  (Read 427 times)

0 Members and 1 Guest are viewing this topic.

Joe Carver

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 1510
  • aka 'i-imagine'
    • Home Page
Insight / Help (Non-CPG?)
« on: January 03, 2022, 01:17:44 am »

Am stuck, and have had no previous success from host. Looking for any advice
or information before going back to them and/or moving once again.

Have installed 1.6 here for testing: Link Removed (JC)

This is what happens with all CPG installations on this hosting account:
  • Open home page, all shows fine
  • Click a thumbnail, displayimage opens without showing intermediate, no nav links
  • Click anything, server returns a 403
  • 403 from site until cache cleared

Have not yet found any obvious .htaccess files, the installation here was done on an empty DB.

Thanks in advance
« Last Edit: January 03, 2022, 11:52:05 pm by Joe Carver »
Logged

Phill Luckhurst

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 4826
    • Windsurf.me
Re: Insight / Help (Non-CPG?)
« Reply #1 on: January 03, 2022, 01:58:51 am »

Only way is to look at the logs. Whenever a 403 is generated it will be logged with the reason why. That should point you in the right direction. Sounds like some silly SE Linux feature is enabled but without the logs it is impossible to say what. Or just change host.
Logged
It is a mistake to think you can solve any major problems just with potatoes.

ron4mac

  • Administrator
  • Coppermine addict
  • *****
  • Country: us
  • Offline Offline
  • Posts: 1772
Re: Insight / Help (Non-CPG?)
« Reply #2 on: January 03, 2022, 02:54:03 am »

If it would help for me to take a look at your account, just PM me the credentials.
Logged

Joe Carver

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 1510
  • aka 'i-imagine'
    • Home Page
Re: Insight / Help (Non-CPG?)
« Reply #3 on: January 03, 2022, 04:37:46 pm »

Thanks Phill & ron4mac. PM sent.

ron4mac

  • Administrator
  • Coppermine addict
  • *****
  • Country: us
  • Offline Offline
  • Posts: 1772
Re: Insight / Help (Non-CPG?)
« Reply #4 on: January 03, 2022, 10:15:36 pm »

A very strange thing happening. I've never seen it before. I used the installer_stub to do a quick install of CPG (twice) and everything functions as expected. Login, logout, make config changes, create albums ... all good.  But as soon as an image is uploaded, all requests start getting 404 errors (manifests differently on the screen). I think the solution has to be resolved by your host.
Logged

Joe Carver

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 1510
  • aka 'i-imagine'
    • Home Page
Re: Insight / Help (Non-CPG?)
« Reply #5 on: January 03, 2022, 11:50:52 pm »

Thanks for trying and your time.
(the last time I went to them with this, they claimed there were no failures
that they could see - you have confirmed more faults - thanks)

ron4mac

  • Administrator
  • Coppermine addict
  • *****
  • Country: us
  • Offline Offline
  • Posts: 1772
Re: Insight / Help (Non-CPG?)
« Reply #6 on: January 04, 2022, 12:29:17 am »

Looking into it more, I determined it is only when displayimage.php is being called. I'll look into it more to see if I can come up with the precise thing that is pissing off the server. The only thing that allows me to normally access anything else again in the domain (cpg or not) is to delete the cpg data cookie in my browser.
Logged

Phill Luckhurst

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 4826
    • Windsurf.me
Re: Insight / Help (Non-CPG?)
« Reply #7 on: January 04, 2022, 03:36:28 am »

Still sounds like an SE Linux configuration problem. I wonder what the like ownerships are? See who owns the Coppermine files compared to who owned the uploaded images.
Logged
It is a mistake to think you can solve any major problems just with potatoes.

ron4mac

  • Administrator
  • Coppermine addict
  • *****
  • Country: us
  • Offline Offline
  • Posts: 1772
Re: Insight / Help (Non-CPG?)
« Reply #8 on: January 04, 2022, 04:07:05 am »

I've pinpointed the issue down to an apparent problem the server is having with the CPG cookie. As long as the cookie doesn't have %3D (=) on its end, things hum along. That character is used for padding characters when the cookie length is not an exact multiple of 3 characters (long story). The cookie length changes when an image has been viewed. The server is rejecting any request when it sees those padding characters on the end of the cookie.

Maybe your host will fix it if they know what the issue is. It is possible to program around but we shouldn't have to do that when there is no such issue on other servers.
Logged

ron4mac

  • Administrator
  • Coppermine addict
  • *****
  • Country: us
  • Offline Offline
  • Posts: 1772
Re: Insight / Help (Non-CPG?)
« Reply #9 on: January 04, 2022, 01:11:10 pm »

Today I'll undo most of what I left laying around on your account. Do you want me to leave a functioning CPG instance somewhere? Or perhaps let you know the couple modifications that should get around the server issue?
Logged

ron4mac

  • Administrator
  • Coppermine addict
  • *****
  • Country: us
  • Offline Offline
  • Posts: 1772
Re: Insight / Help (Non-CPG?)
« Reply #10 on: January 04, 2022, 01:46:34 pm »

Okay ... I cleaned things up.  I made 2 modifications at jrcarver.com (actest) that should allow the gallery to function properly (getting around the server issue).
Is it okay for me to post here an annotated snippet of your access log that shows the http requests going from good to bad? You might want to provide it to your host.
Logged

Joe Carver

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 1510
  • aka 'i-imagine'
    • Home Page
Re: Insight / Help (Non-CPG?)
« Reply #11 on: January 04, 2022, 06:17:35 pm »

Thanks, wow, and thanks again.

Yes, please feel free to post log snips. Right now I had to take a quick trip
home to post this reply as the Coppermine sites are on/off blocked at the office,
and today is one odd day back in...

For sure, I would like to have the fixes on-hand. The bad effect first occurred on
my main / home page, which still might need attention too.

Thanks again, will be back here later today.

ron4mac

  • Administrator
  • Coppermine addict
  • *****
  • Country: us
  • Offline Offline
  • Posts: 1772
Re: Insight / Help (Non-CPG?)
« Reply #12 on: January 04, 2022, 06:34:18 pm »

Attached is the access log going from successful requests to failures. I troubleshot in a CPG instance I ran in shorescape.
Logged

Joe Carver

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 1510
  • aka 'i-imagine'
    • Home Page
Re: Insight / Help (Non-CPG?)
« Reply #13 on: January 06, 2022, 12:31:56 am »

Great, thanks again, will copy that to the host.

Thanks for looking at the other directories - I had seen a couple of updated files,
and haven't peered in too much yet but can safely assume you put some significant
time in for the fixes.

Marked as solved.  :)
Pages: [1]   Go Up
 

Page created in 0.025 seconds with 20 queries.