POST wp-cron.php?doing_wp_cron – 500 error

Home Forums BulletProof Security Free POST wp-cron.php?doing_wp_cron – 500 error

This topic contains 9 replies, has 2 voices, and was last updated by  o6asan 2 years, 5 months ago.

Viewing 10 posts - 1 through 10 (of 10 total)
  • Author
    Posts
  • #27027

    o6asan
    Participant

    I moved my entire wordpress to HTTPS on October 19. Actually, I don’t know when the problem started, but, it seems to start after moving to HTTPS by logs. I found a 500 Error like below on Apache log: I found this: https://wordpress.org/support/topic/wp-cron-throwing-500-errors-on-ssl-sites on WordPress Forums. Is my trouble related to this or something else? How can I fix my issue?

    example.com - - [08/Dec/2015:15:29:17 +0900] "POST /wp-cron.php?doing_wp_cron=1449556157.0618669986724853515625 HTTP/1.0" 500 - "-" "WordPress/4.3.1; https://example"

    Its error log says “Use ‘LogLevel debug’ to get a backtrace.” So I tried and had the below.

    [core:error] [pid 10308:tid 2384] [client xxx.xxx.xxx.xxx:60973] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
    [core:debug] [pid 10308:tid 2384] core.c(3599): [client xxx.xxx.xxx.xxx:60973] AH00121: r->uri = /wp-content/plugins/bulletproof-security/403.html
    [core:debug] [pid 10308:tid 2384] core.c(3605): [client xxx.xxx.xxx.xxx:60973] AH00122: redirected from r->uri = /wp-content/plugins/bulletproof-security/403.html
    [core:debug] [pid 10308:tid 2384] core.c(3605): [client xxx.xxx.xxx.xxx:60973] AH00122: redirected from r->uri = /wp-content/plugins/bulletproof-security/403.html
    [core:debug] [pid 10308:tid 2384] core.c(3605): [client xxx.xxx.xxx.xxx:60973] AH00122: redirected from r->uri = /wp-content/plugins/bulletproof-security/403.html
    [core:debug] [pid 10308:tid 2384] core.c(3605): [client xxx.xxx.xxx.xxx:60973] AH00122: redirected from r->uri = /wp-content/plugins/bulletproof-security/403.html
    [core:debug] [pid 10308:tid 2384] core.c(3605): [client xxx.xxx.xxx.xxx:60973] AH00122: redirected from r->uri = /wp-content/plugins/bulletproof-security/403.html
    [core:debug] [pid 10308:tid 2384] core.c(3605): [client xxx.xxx.xxx.xxx:60973] AH00122: redirected from r->uri = /wp-content/plugins/bulletproof-security/403.html
    [core:debug] [pid 10308:tid 2384] core.c(3605): [client xxx.xxx.xxx.xxx:60973] AH00122: redirected from r->uri = /wp-content/plugins/bulletproof-security/403.html
    [core:debug] [pid 10308:tid 2384] core.c(3605): [client xxx.xxx.xxx.xxx:60973] AH00122: redirected from r->uri = /wp-content/plugins/bulletproof-security/403.html
    [core:debug] [pid 10308:tid 2384] core.c(3605): [client xxx.xxx.xxx.xxx:60973] AH00122: redirected from r->uri = /wp-content/plugins/bulletproof-security/403.html
    [core:debug] [pid 10308:tid 2384] core.c(3605): [client xxx.xxx.xxx.xxx:60973] AH00122: redirected from r->uri = /wp-cron.php

    Thanks in advance.

    #27033

    AITpro Admin
    Keymaster

    You can either add or remove Alternative Cron for testing to see if that works:  http://forum.ait-pro.com/forums/topic/doing_wp_cron-doing-wp-cron-displayed-in-browser/

    Make sure that you are not blocking wp-cron.php with any Bonus Custom Code or other custom htaccess code that you are using.

    Make sure that you do not have mixed http and https links|URL’s and that you are using https/ssl Rewrite htaccess code:  http://forum.ait-pro.com/forums/topic/wordpress-ssl-htaccess-code-rewrite-ssl-rewritecond-server_port/#post-7233

    If you have mod_security enabled then disable it/turn it off for testing.

    This file name is not valid:  /wp-content/plugins/bulletproof-security/403.html  BPS comes with a 403.php Security Logging file here:  /wp-content/plugins/bulletproof-security/403.php and does not have a 403.html Security Logging file.  So either you have created a custom 403.html file or the error message is not valid.

    Do BPS troubleshooting steps:  http://forum.ait-pro.com/forums/topic/read-me-first-free/#bps-free-general-troubleshooting

    #27368

    o6asan
    Participant

    Hi AITpro Admin,
    thank you for your quick reply and sorry my late one. I tried your suggestion and finally found an exact cause. But I don’t know how to fix it. When I moved my entire wordpress to HTTPS, I began to support HTTP/2 on the server at the same time. Besides, I forbade accesses from HTTP/0.9 and HTTP/1.0, so I added the followings to the head of the ROOT .htaccess.

    RewriteEngine On
    RewriteCond %{THE_REQUEST} ^POST(.*)HTTP/(0\.9|1\.0)$ [NC]
    RewriteRule .* - [F,L]

    On the access log, wp-cron.php uses HTTP/1.0 at the access. I don’t understand why ‘Request exceeded the limit of 10’ occurs. Does this customization have something wrong?
    Even so, why does wp-cron.php use HTTP/1.0 protocol for its post still now?

    My server environment:
    Windows7 HE SP1 x86
    Apache 2.4.18 Win32 VC14 from Apache Lounge
    PHP7.0.0 VC14 x86 Thread Safe from windows.php.net
    MariaDB10.1.9 win32 from MariaDB.org

    About WordPress:
    WordPress4.4
    Its plugins:
    Ajax Edit Comments 5.0.36.0
    Akismet 3.1.6
    Broken Link Checker 1.10.10
    BulletProof Security .53.1
    Jetpack by WordPress.com 3.8.1
    Redirection 2.4.3
    Thin Out Revisions 1.8.3
    WP Lightbox 2 3.0.5
    WP Multibyte Patch 2.5
    WP REST API Version 2.0-beta9
    WP Wapuu Widget 0.4.3
    WP-Mail-SMTP 0.9.5
    Yet Another Related Posts Plugin 4.2.5

    Thanks!

    #27374

    AITpro Admin
    Keymaster

    ‘Request exceeded the limit of 10’ when using HTTPS/SSL usually means you have http URI’s|URL’s|links on pages/in Source Code that should be https URI’s|URL’s.  All HTTPS pages should have ONLY https URI’s|URL’s in the Source Code, otherwise you will get infinite redirect loops.  Check the Source Code of your website pages by right mouse clicking on them an select “View Source” (or a similar menu command).

    I am not sure why the cron is using Server Protocol HTTP/1.0, but if you cannot fix that problem then you will not be able to use you custom code that blocks Server Protocol HTTP/1.0 and will have to remove that code.

    #27465

    o6asan
    Participant

    Hi, I resolved the issue.
    I found this thread out: http://stackoverflow.com/questions/14805267/mod-rewrite-error-whilst-rewriting-subdomain-to-directory-via-http-host. The figure http://i.stack.imgur.com/8rO3E.png SáT gave is very helpful for me. Now I understand the issue not being related to BPS free, but its occurring about internal URIs when such RewriteRule are used for, I mean like the RewriteRule I wrote.
    I changed the code like this.

    RewriteEngine On
    RewriteCond %{THE_REQUEST} ^POST(.*)HTTP/(0\.9|1\.0)$ [NC]
    RewriteCond %{REQUEST_URI} !^/example.com/%1
    RewriteRule .* - [F,L]

    By the way, can you give me a favor?
    I cannot understand Kevin Stricker and SáT words because of my lack of knowledge about RewiteRule.

    I find adding RewriteRule ^public_subdomains – [L] before the rewrite rule is cleaner than adding another RewriteCond. – Kevin Stricker Feb 20 ’13 at 22:17

    @mootinator Absolutely, that looks a lot more idiomatic and nicer. – SáT Feb 21 ’13 at 1:09

    What do I write for this? I added RewriteRule ^example.com – [L] instead of RewriteCond %{REQUEST_URI} !^/example.com/%1, but it didn’t work.

    Thanks.

    #27475

    o6asan
    Participant

    OOPS!
    I was wrong. On the test server the error has gone but on the production server it is still alive.

    #27476

    AITpro Admin
    Keymaster

    RewriteRule ^public_subdomains - [L] before the rewrite rule” means if this RewriteRule is placed before the other htaccess rules and the URI is public_subdomains then Rewrite to that URI. Since the L flag is used then rule processing does not continue on past that rule to other htaccess rules if the URI is public_subdomains. Another way of looking at RewriteRule ^public_subdomains - [L] is that you can consider it a whitelist rule or a bypass/skip rule.

    Your code is cancelling out (do not allow and allow at the same time for the domain) the rule so it is not a good approach. Maybe you need to try something like this, which says if the Query String is NOT doing_wp_cron= and the Request IS Post HTTP/0.9 OR HTTP/1.0 then Forbid the Request.

    RewriteCond %{QUERY_STRING} !^doing_wp_cron=
    RewriteCond %{THE_REQUEST} ^POST(.*)HTTP/(0\.9|1\.0)$ [NC]
    RewriteRule .* - [F,L]

    But the bigger problem is that the error is a 500 error and not a 403 error, which means that the server cannot process the Request at all.  So if you are lucky the htaccess rule/code may prevent the 500 error from occurring, but more likely this is a server configuration issue that needs to be fixed in the httpd.conf file or other server configuration file.  There is a known problem with FastCGI and PHP applications, which requires a server configuration change.  See this old post about the FastCGI issue and the solution:  http://www.ait-pro.com/aitpro-blog/4349/misc-projects/wordpress-tips-tricks-fixes/php5-3-x-php5-4-x-user-ini-file-does-not-work-known-php5-3-x-user-ini-fastcgi-wordpress-zend-issue/

    #27762

    o6asan
    Participant

    Hi AITpro Admin,
    Sorry for my very very late reply. But I think your suggestion is very important, so I’ve dug into my problem though I cannot solve it, besides, in my country people are very busy from the end of years to the beginning of next years because of a lot of family events.

    I don’t use FastCGI.
    When I stop using the custom code the server gives me 200 code about cron.php.
    I checked my error log about 500 error. When I stop using the custom code, the server doesn’t give a lot of them. But I found an example. About ‘/wp-content/uploads/browserconfig/square.png’ I have a 500 error. There is no browserconfig directory in the uploads.

    I tried something and had the following results.
    /wp-content/uploads/browserconfig/square.png  —>  500 error
    /wp-content/uploads/browserconfig/  —>  500 error
    /wp-content/uploads/square.png  —>  custom 404.html shows up.
    /wp-content/uploads/browserconfig  —>  custom 404.html shows up.

    For directories that exist, I had the following results.
    /wp-content/uploads/example/square.png  —>  custom 404.html shows up.
    /wp-content/uploads/example/  —>  custom 403.html shows up.
    /wp-content/uploads/example  —>  a / added, then custom 403.html shows up.

    I was looking for a resolution but I cannot find it still now. What is wrong about the server configuration?

    By the way, if possible, I want to forbid all accesses from HTTP/0.9 and HTTP/1.0. Because I have no problem about WordPress update things even if I have 500 error about cron.php.

    #27764

    AITpro Admin
    Keymaster

    Ok first you cannot use your custom code because it is not working correctly so delete your custom code.  Next you need to contact your host and figure out why this folder is being seen/exists when it really does not:  /wp-content/uploads/browserconfig/.  This is above and beyond the support we can offer so this something that you need to figure out with your host.

    #27809

    o6asan
    Participant

    Hi AITpro Admin,
    Thanks for your help.

    First, I deleted my custom code. But the next thing is not possible because I host the server by my own. So I’m going to keep checking up my server configuration. I end the thread in this case.

Viewing 10 posts - 1 through 10 (of 10 total)

You must be logged in to reply to this topic.