ERROR: wp_remote_get() function is blocked or unable to get the URL path

[Jeff C]

Hi,

Under the Apache Modules|Directives area in the system info section, I am getting a half dozen wp_remote_get() function is blocked messages. Do I need to worry about that? If so, how do I fix it?

Jeff

[AITpro Admin]

The ERROR: wp_remote_get() function is blocked error means that the WordPress wp_remote_get() function is not able to check/GET the Apache Module test image files in this folder: /plugins/bulletproof-security/admin/mod-test/.  Possible causes could be that the WordPress wp_remote_get() function is being blocked/not allowed by something either that you have installed on your site or maybe something your server is blocking or maybe a folder/file permission or folder/file Ownership issue/problem and the /mod-test/ folder and images cannot be retrieved for testing.  If the Apache Module test fails then BPS will use the old mod_access_compat Order, Allow, Deny directives as a fallback. Try clicking the View Visual Test link and let me know what happens.

Also since this Apache Module test thing is brand new then there are other possible things that could occur.  ie things we do not know about yet like something a particular host is doing that is different, etc.

[Jeff C]

Wow, thanks for the speedy and comprehensive reply. I did click the View Visual Test link, and here is what I got:
[invalid email URL’s deleted]

Here’s info from the window:
Server Type: LiteSpeed
Operating System: Linux
WP Filesystem API Method: direct
Server API: litespeed CGI Host Server Type
Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): View Visual Test
ERROR: wp_remote_get() function is blocked
ERROR: wp_remote_get() function is blocked
ERROR: wp_remote_get() function is blocked
mod_access_compat is NOT Loaded|Order, Allow, Deny directives are NOT supported
mod_authz_core is NOT Loaded
mod_authz_host is NOT Loaded

Jeff

[AITpro Admin]

Interesting test results.  I would like to login to this website to find out what is going on.  Send a WordPress Administrator login to edward at ait-pro dot com.

[AITpro Admin]

The problem was being caused by invalid code in the wp-config.php file, which then broke the WordPress plugins_url() function throughout BPS Pro code, all other plugins and themes and WordPress itself causing that function to see a folder path to the /plugins/ folder instead of the URL to the /plugins/ folder.
https://codex.wordpress.org/Editing_wp-config.php#Moving_wp-content_folder

This code was in your wp-config.php file and has been commented out.
define('WP_CONTENT_URL', '/wp-content');

The correct usage for this constant: WP_CONTENT_URL is you would enter the full URI|URL to your website’s wp-content directory and not a folder path.
Set WP_CONTENT_URL to the full URI of this directory (no trailing slash), e.g.
define( 'WP_CONTENT_URL', 'http://example/blog/wp-content' );

Your System Info page is now displaying this below, which is exactly correct for your website/server:
Server Type: LiteSpeed
Operating System: Linux
WP Filesystem API Method: direct
Server API: litespeed CGI Host Server Type
Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): View Visual Test
mod_access_compat is Loaded|Order, Allow, Deny directives are supported|IfModule: Yes
mod_authz_core is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
mod_authz_host is NOT Loaded

[Jeff C]

Follow up. I believe I found the source of the invalid line of code you found in the wpconfig.php file. To assist him in migrating my site, my site developer used a plugin called Root Relative URLs. That plugin’s installation instructions https://wordpress.org/plugins/root-relative-urls/installation/ say to put the line you found (among others) in the wpconfig.php file. He left those lines in after migration, but we know now that he should have removed them.

Thanks again for all your help and a fabulous plugin.

Jeff

[AITpro Admin]

The Root Relative URLs plugin is a classic case of a plugin that should never be installed/used for any reason:  The Plugin has not been updated in 2.5 years, the Plugin Author is MIA – last support response was 2 years ago, the plugin author is instructing users to do something with WordPress wp-config.php code that is not valid/is an incorrect usage and most importantly the Plugin Support area for that plugin is chocked full of the same problem over and over – breaks URL’s in other plugins and everything else.

[Jose]

Hi,

My website is having a similar issue today. Visual test shows images from 1 to 4. Numbers 5 and 6 aren’t showing any image. It’s a shared hosting and I set folders permissions very restrictive a long time ago. Now every page is loading completely after 18 seconds or more on average. What could I do? The info showed is this:

Server Type: Apache
Operating System: Linux
WP Filesystem API Method: direct
Server API: cgi-fcgi CGI Host Server Type
Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): View Visual Test
ERROR: wp_remote_get() function is blocked or unable to get the URL path
ERROR: wp_remote_get() function is blocked or unable to get the URL path
: mod_access_compat is NOT Loaded|Order, Allow, Deny directives are NOT supported
mod_authz_core is NOT Loaded
mod_authz_host is NOT Loaded

[AITpro Admin]

I do not think blocking the wp_remote_get() function would cause pages to load slowly, but you can test that by unblocking the wp_remote_get() function however you are blocking that function.  ie in your wp-config.php file or if you have set folder permissions too restrictive then you would fix those folder permissions.

[Jose]

I think that it wasn’t blocked (folder permissions wp.http.php 644) (That’s right I guess) In fact, there wasn’t changes in the last days, so otherwise I’m going to contact the host company.

function wp_safe_remote_get( $url, $args = array() ) {
	$args['reject_unsafe_urls'] = true;
	$http = _wp_http_get_object();
	return $http->get( $url, $args );
}

function wp_remote_get($url, $args = array()) {
	$http = _wp_http_get_object();
	return $http->get( $url, $args );
}

[AITpro Admin]

I see from another forum topic that you are using the BPS POST Request Attack Protection Bonus Custom Code so make sure you are whitelisting ALL of the standard WordPress files that need to be whitelisted.  http://forum.ait-pro.com/forums/topic/post-request-protection-post-attack-protection-post-request-blocker/

[Herpai Gergely]

[Topic has been merged into this relevant Topic]
Hi, while we were checking out the BPS interface, we encountered the following errors:

Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): View Visual Test
ERROR: wp_remote_get() function is blocked or unable to get the URL path
ERROR: wp_remote_get() function is blocked or unable to get the URL path
ERROR: wp_remote_get() function is blocked or unable to get the URL path
ERROR: wp_remote_get() function is blocked or unable to get the URL path”.

Also image 5,6,8,10,11 are missing in the visual section. We have no clue what this may mean, but we suspect, that it leads the frequent 508 errors on our website. Please, investigate and help. Regards, Gergely

[AITpro Admin]

@ Herpai Gergely – Please read this forum topic and see if any of the issues discussed in this forum topic are causing the problem.  ie bad/invalid code in your wp-config.php file, etc.

[Phil Yonge]

Hello Edward,

Rather than start a new thread I thought I would post the numerous problems I have in here as I think they may be all connected to the thread title problem.  This is the 2nd time I have installed BPS Pro on my VPS.  The 1st time was about a year ago and I didn’t have any of the problems noted below (for your information that website is no longer on the VPS and I can’t look to see what is going on in that account as a reference check).

The changes to my VPS over the last 12 months have been standard Apache & PHP updates.  I have had Apache version 2.4.x running since purchasing BPS Pro.  I have also installed Mod_Security with OWASP ModSecurity Core Rule Set.  I have also changed my OS from CentOS to Cloud Linux with CageFS installed for increased security.  I currently have PHP version 5.6.30 installed.

I installed WP 4.7.2 a few days ago and built the website.  Initially the pre-installation wizard for BPS Pro hanged and I had to turn off cURL scan.  No red warnings, just the blue notifications about cURL scan turned off and current Root .htaccess file is not locked.

The full setup wizard again no red warnings and just the blue notification about cURL scan turned off.

I decided to check the System Info link and then the errors started showing in Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No).  If I click the System Info a number of times I get different amount of errors and even no errors.  Here are a few sample outputs below with visual test results as well:

Server Type: Apache
Operating System: Linux
WP Filesystem API Method: direct
Server API: cgi-fcgi CGI Host Server Type

ERROR: wp_remote_get() function is blocked or unable to get the URL path
ERROR: wp_remote_get() function is blocked or unable to get the URL path
: mod_access_compat is Loaded
403: mod_authz_core is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
403: mod_authz_host is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
200: mod_rewrite Module is Loaded

1, 7, 9 (without a white #9 displayed in the bottom right corner), 12

---

403: mod_access_compat is Loaded|Order, Allow, Deny directives are supported|IfModule: Yes
403: mod_authz_core is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
403: mod_authz_host is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
200: mod_rewrite Module is Loaded

1, 7, 9 (without a white #9 displayed in the bottom right corner), 12

---

ERROR: wp_remote_get() function is blocked or unable to get the URL path
ERROR: wp_remote_get() function is blocked or unable to get the URL path
ERROR: wp_remote_get() function is blocked or unable to get the URL path
ERROR: wp_remote_get() function is blocked or unable to get the URL path
ERROR: wp_remote_get() function is blocked or unable to get the URL path
: mod_access_compat is Loaded
403: mod_authz_core is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
200: mod_rewrite Module is Loaded

1, 7, 9 (without a white #9 displayed in the bottom right corner), 12

---

Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): View Visual Test
403: mod_access_compat is Loaded|Order, Allow, Deny directives are supported|IfModule: Yes
403: mod_authz_core is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
403: mod_authz_host is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
200: mod_rewrite Module is Loaded

---

ERROR: wp_remote_get() function is blocked or unable to get the URL path
ERROR: wp_remote_get() function is blocked or unable to get the URL path
ERROR: wp_remote_get() function is blocked or unable to get the URL path
ERROR: wp_remote_get() function is blocked or unable to get the URL path
ERROR: wp_remote_get() function is blocked or unable to get the URL path
ERROR: wp_remote_get() function is blocked or unable to get the URL path
ERROR: wp_remote_get() function is blocked or unable to get the URL path
ERROR: wp_remote_get() function is blocked or unable to get the URL path
: mod_access_compat is Loaded
200: mod_rewrite Module is Loaded

1, 7, 9 (without a white #9 displayed in the bottom right corner), 12

I have checked my wp-config file and it seems to be perfectly normal.  File and folder permissions are set to 644 and 755 respectively.

The other odd thing is that the BPS test email is not working either with this notification (I have replaced and hidden my website info with *’s):

Unable to connect to http://*****/wp-content/plugins/bulletproof-security/admin/test/bps-email-check.php

I checked the BPS Security Log and saw this (I have replaced and hidden my server and website info with *’s):

[403 GET Request: February 8, 2017 8:20 am]
BPS Pro: 12.6.1
Event Code: PFWR-PSBR-HPRA
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: *****
Host Name: ******
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://*****/wp-content/plugins/bulletproof-security/admin/test/bps-email-check-wp-mail.php
REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/test/bps-email-check-wp-mail.php
QUERY_STRING:
HTTP_USER_AGENT: WordPress/4.7.2; http://*****

I hope you can help me please.

Many thanks,

Phil

[AITpro Admin]

@ Phil Yonge – Do these troubleshooting steps to find the cause of the problems.

Troubleshooting steps in the order they should be done:
1. Do BPS Pro troubleshooting steps #1, #2, #3 to confirm or eliminate BPS Pro: https://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting
2. Disable Mod_security to confirm or eliminate Mod_security.
3. Disable CageFS to confirm or eliminate CageFS.
4. Deactivate all other plugins to confirm or eliminate other plugins.

[Author]

Posts