ERROR: wp_remote_get() function is blocked or unable to get the URL path

[Phil Yonge]

Hello,

Thank you for the instructions.

To save time I decided to start from scratch and install WP 4.7.2 & BPS pro 4.6 with theme 2015 on a spare sub cPanel account I have on my VPS.

I disabled Mod Security.

I disabled Cloud Linux CageFS on this account

Sometimes I get all green responses and other times I get a varying number of the red ERROR: wp_remote_get() function is blocked or unable to get the URL path

Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): View Visual Test
403: mod_access_compat is Loaded|Order, Allow, Deny directives are supported|IfModule: Yes
403: mod_authz_core is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
403: mod_authz_host is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
200: mod_rewrite Module is Loaded

I ran the httpd -M command via SSH and here is the output for the necessary modules:

Loaded Modules:
authz_host_module (static)
authz_core_module (static)
access_compat_module (static)
rewrite_module (static)

I am really stumped as how to proceed. Will BPS pro still function correctly and protect my sites despite getting the errors at random times when I check the System Info page.  Or do I need to fix something at the server level of my VPS please?

Thank you very much.

[AITpro Admin]

@ Phil Yonge – Intermittent problems are typically going to be caused by one of these things below.  Since the WP wp_remote_get() function is not blocked permanently/consistently then that eliminates things like a server or php.ini configuration setting or code in your wp-config.php file causing the problem.  BPS uses the wp_remote_get() function to run a Live htaccess file test for your server/website.  So what that means is that BPS is not going to be able to tell exactly which htaccess code does and does not work on your website/server and BPS will just fallback on generic htaccess code/files.  Your site will still be protected with htaccess file features and of course other BPS features that do not use htaccess files/code.  So you want to look at all of things below that can cause intermittent problems.  Also take a look at your server log files and see if you can find any clues for what is causing the problem.

php memory/cache/caching plugins/CDN’s/VPN’s/Proxy’s/Load Balancers/Host server problems (DNS server/DNS configuration problem, MySQL server timeout, server overloaded, etc), /Browser problems (corrupt cache, Sessions, Cookies, add-on, extension)/ISP (connectivity)/CloudFlare, etc.

[Phil Yonge]

Hello,

Thank you for your continued help.

Here are the latest logs after loading the System Info page:

[Fri Feb 17 01:27:37.575856 2017] [access_compat:error] [pid 192835] [client ***.***.***.***:35054] AH01797: client denied by server configuration: /home/*****/public_html/wp-content/plugins/bulletproof-security/admin/mod-test/mod_authz_core-od-cond-denied.png, referer: http://*****.com/wp-content/plugins/bulletproof-security/admin/mod-test/mod_authz_core-od-cond-denied.png

[Fri Feb 17 01:27:40.594030 2017] [authz_core:error] [pid 193012] [client ***.***.***.***:35055] AH01630: client denied by server configuration: /home/*****/public_html/wp-content/plugins/bulletproof-security/admin/mod-test/mod_authz_host-require-ip.png, referer: http://*****.com/wp-content/plugins/bulletproof-security/admin/mod-test/mod_authz_host-require-ip.png

[Fri Feb 17 01:27:43.392736 2017] [access_compat:error] [pid 192831] [client ***.***.***.***:35056] AH01797: client denied by server configuration: /home/*****/public_html/wp-content/plugins/bulletproof-security/admin/mod-test/mod_authz_host-od-cond-denied.png, referer: http://*****.com/wp-content/plugins/bulletproof-security/admin/mod-test/mod_authz_host-od-cond-denied.png

[Fri Feb 17 01:27:46.281796 2017] [access_compat:error] [pid 192832] [client ***.***.***.***:35057] AH01797: client denied by server configuration: /home/*****/public_html/wp-content/plugins/bulletproof-security/admin/mod-test/mod_access_compat-od-nc-denied.png, referer: http://*****.com/wp-content/plugins/bulletproof-security/admin/mod-test/mod_access_compat-od-nc-denied.png

[Fri Feb 17 01:27:48.992281 2017] [authz_core:error] [pid 193014] [client ***.***.***.***:35059] AH01630: client denied by server configuration: /home/*****s/public_html/wp-content/plugins/bulletproof-security/admin/mod-test/mod_authz_core-nc-denied.png, referer: http://*****.com/wp-content/plugins/bulletproof-security/admin/mod-test/mod_authz_core-nc-denied.png

[Fri Feb 17 01:27:51.777276 2017] [authz_core:error] [pid 193082] [client ***.***.***.***:35060] AH01630: client denied by server configuration: /home/*****/public_html/wp-content/plugins/bulletproof-security/admin/mod-test/mod_authz_host-nc-require-host.png, referer: http://*****.com/wp-content/plugins/bulletproof-security/admin/mod-test/mod_authz_host-nc-require-host.png

I have no idea as to what “clues” the above logs might provide.

Also I noticed this in my httpd.conf file and wondered if this may be helpful please:

<Files ".ht*">
    Require all denied
</Files>

[AITpro Admin]

@ Phil Yonge – The log results are normal and unfortunately not any help “clue-wise”.  Several of the BPS htaccess Live tests check for what is blocked successfully to determine which htaccess code does and does not work on your site/server.  That httpd.conf code just blocks all .ht files from being accessed directly via a Browser and would not be the root cause of the problem.  If you want I can login to this site and take a quick look and see if I find anything obvious, but I can’t look at anything outside of your WP Dashboard – ie server stuff or other things of that nature.

[Phil Yonge]

Thank you so much for all of your help. Where shall I email admin login for the site please?

My hosting provider has not been great in terms of support in the past with VPS problems. Had I known what I know now about numerous hosting companies and being owned by the parent company the EIG group I would have gone elsewhere a long time ago. A tight budget means that I am going to stay where I am until I can afford to move to a new, more expensive provider I have chosen that offers oustanding support.

[AITpro Admin]

@ Phil Yonge – Yep, that is a very common pitfall with VPS servers.  It’s kind of a catch-22 situation because the assumption is that someone who gets a VPS server is familiar with server configuration and the support is usually not going to be as “full” as if you had Shared hosting.  Also most front-line techs are not going to be that familiar with server configs.  Send the WP Admin login info to:  info at ait-pro dot com.

[Phil Yonge]

Hello,

Email sent with login details – Email subject: “WP Login From Phil Yonge”

Many thanks

[AITpro Admin]

@ Phil Yonge – Did you get my reply email a few hours ago?  I was unable to login due to an incorrect password error. Please generate a new password and send me the login info again.

[Phil Yonge]

Sorry about that, sent a new password and checked that it works.

Many thanks.

[AITpro Admin]

@ Phil Yonge – Ok I’m pretty sure that problem is being caused by open_basedir. open_basedir is a menace and I recommend that you do not use that junk, unless you are using that particular php.ini setting/directive to create virtual hosts/separate compartmentalized vhosts sites.  Your current open_basedir php.ini setting is only allowing scripts to be processed in the /home/ directory and not your actual site directory.

PHP open_basedir: /home/:/tmp:/usr/local/lib/

So let me know if you want to continue to use open_basedir or not and I will let you know what you need to do next.  open_basedir is junk so hopefully you decide to just not use that php.ini setting/directive.  A general thing that you would want to try next is to switch your PHP server version to another PHP server version.  If the problem is not being caused by open_basedir then probably this particular PHP server build/compile/installation is fubar.  The backend performance of your site/server is very bad.  Could be either or both things – open_basedir and a fubar PHP server build/compile.

[Phil Yonge]

Hello,

Thank you very much for your offer for further assistance, it is greatly appreciated.

The only alteration to the php.ini settings in WHM I have made are:

Disabled Functions: show_source, system, shell_exec, passthru, exec, popen, proc_open, phpinfo

This is the recommended settings from the Joomla security checklist documentation.

I have not edited the open_basedir settings at any point. Therefore your mention of creating virtual hosts/separate compartmentalized vhosts sites wouldn’t apply to me I believe (I don’t even know what it means anyway).

So it seems from what you are saying that I should change the settings for open_basedir and your offer of letting me know what to do next is very kind of you.

The other thing that I’m not sure what you mean is when you say, “A general thing that you would want to try next is to switch your PHP server version to another PHP server version.”. If you could elaborate on that please that would be fantastic – does it mean a re-build of PHP via EasyApache by any chance please?

Many thnaks

[AITpro Admin]

@ Phil Yonge – The main default server php.ini file/file path that is being loaded for your PHP server can be found on the BPS System Info page.  I copied your php.ini path from your System Info page yesterday when I was logged into your site – see below.  Since you have a VPS server then you have full access to all server configuration files:  php.ini, httpd.conf, vhosts, etc etc etc.  To disable open_basedir > open and edit your default server php.ini file and comment out the open_basedir directive with a semi-colon.  Example:  ;open_basedir = /home/:/tmp:/usr/local/lib/.  You will need to reboot your server for the new php.ini settings to take effect.

PHP Configuration File (php.ini): /usr/local/lib/php.ini

Before switching your PHP server, see if disabling open_basedir fixes all the problems. Switching to different PHP servers/server versions is not a one size fits all type of thing and is different for all the different web hosts and hosting server types: Shared, VPS, Dedicated hosting servers. So you will need to check your web host’s help pages for your specific steps for your VPS server on your specific host.

[Phil Yonge]

Hello,

It appears the problem has been fixed by applying the following:

1) Comment out open_basedir in server php.ini file.

2) Force update of Cloudlinux CageFS due to alteration of php.ini file.

Still getting errors on loading of System Info page.

3) Ordinarily I would rebuild Apache & PHP from my default saved config in Easy Apache. Instead I decided to build the default recommended cPanel + CloudLinux Profile.

4) Force update of Cloudlinux CageFS due to rebuild of Apache & PHP.

I have loaded the System Info page about 20 times and no more red errors. Have also shaved off between 5 & 15 seconds for System Inof page loading time so backend performance has been greatly improved.

Many, many thanks for all of your help if it is you Edward that has been helping me as its hard to tell if you have a team working with you or not.

[AITpro Admin]

@ Phil Yonge – Cool and well done! Great that you got everything working as it should be working performance-wise.  Glad we could provide a general analysis and trailmap to help out.  A few people took a look at your backend performance and we were all in agreement that something was just not right overall.  Ed, Tim & Scott (me) all kind of did a group general analysis thing. 😉

[Phil Yonge]

Thank you so much gentlemen for pointing me in the right direction.

[Author]

Posts