ManageWP Uptime Monitor whitelist IP addresses
This topic has 9 replies, 2 voices, and was last updated 2 years ago by AITpro Admin.

Hannah (Participant)
My client’s site, https://t3greenhousesupply.com, is hosted on GoDaddy managed WordPress and I monitor it using ManageWP. It gets very frequent downtime notices, usually for just 2 minutes at a time. When discussing this issue with GoDaddy support, they asked me to try to catch it when it was “down” to make sure it wasn’t a false positive. It was. Then we discussed it further with ManageWP, and they said we need to whitelist a list of IPs that ManageWP uses to monitor site downtime. Alternatively, we could use a url that has all those urls mapped to it. The question is how to do this in BPS?

AITpro Admin (Keymaster)
You would only need to whitelist IP addresses if something is being blocked. Is something being blocked? I would need to know what is being blocked before I could provide a solution.

Hannah (Participant)
Well, it’s a little hard to say because we’re still troubleshooting the issue. Because these downtime notifications seem to all be false positives, the idea right now is that it appears the pings that ManageWP sends to the website to see if it’s up are being blocked:
“Here is how our Uptime Monitor add-on works:
1. It asks for your website’s headers and gets status codes like “200-ok”, “404-not found”, etc. every 5 minutes (or more depending on the monitor’s settings),
2. If the status code doesn’t indicate a problem, it reports the website as up,
3. If the status code is ~400+ and 500+, then the site is not loading,
4. In order to make sure the site is down, Site24x7 makes several more checks in the next 30 seconds,
5. If the site is still down, it sends a notification and reports it as down.
The “Response timeout – Did not receive response for 30sec” usually indicates that some security configuration is blocking https://www.site24x7.com/ requests if it’s a false-positive. We use Site24x7 as a 3rd party provider for our Uptime Monitor add-on. However, when their requests are blocked, there is usually a consistent pattern of very short uptimes and downtimes, which is not the case with your website. I can see that the Uptime Monitor add-on reports it as “UP” for several hours before it times out.”
They advised that we modify the PHP settings, with these values recommended:
memory_limit = 512M
upload_max_filesize = 256M
post_max_size = 256M
max_execution_time = 300
max_input_vars = 3000
(We made those changes and then increased the max filesizes upward again. The downtime notices have decreased but are still occurring.)
Further, they advised: “Additionally, you can try and allow Site24x7’s Seattle IP on the server’s side and under any security plugins or firewall that you may have on your website, just to be on the safe side.
Here is a full list of their IPs: https://www.site24x7.com/multi-location-web-site-monitoring.html
Also, there is another method to achieve this. Site24x7 has mapped all its monitoring location IP addresses to a single domain name: site24x7.enduserexp.com. That way all your security options will be up to date at all times.”
I hope this helps, as it’s all I really know at this point.

AITpro Admin (Keymaster)
If BPS is blocking anything it will be logged in the BPS Security Log. If your web host is blocking something then you would have to ask them if they are blocking that. What type of request is being made from site24x7? If the request is a HEAD request then you would need to allow all HEAD requests by doing the steps below.
1. Copy the code below into this Root Custom Code text box: 9. CUSTOM CODE REQUEST METHODS FILTERED
2. Click the Save Root Custom Code button.
3. Activate Root Folder BulletProof Mode.

# REQUEST METHODS FILTERED
# If you want to allow HEAD Requests use BPS Custom Code and copy
# this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
# text box: CUSTOM CODE REQUEST METHODS FILTERED.
# See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F]
#RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
#RewriteRule ^(.*)$ /wp-content/plugins/bulletproof-security/405.php [L]
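
Added example, not part of the original post or of BPS: a Python triage of web-server access-log lines that answers the question asked above, namely which request method the monitor uses and whether its requests were refused (403 from the `[F]` rule, or 405 on the assumption that 405.php in the commented-out HEAD rule answers with that status). The log lines, IP addresses and the `ExampleMonitor` user agent are constructed; use the agent string or IPs seen in the real log.

```python
import re
from collections import Counter

# Apache "combined" format:
# ip - user [time] "METHOD path proto" status size "referer" "agent"
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)

# Constructed sample lines: documentation IP ranges, made-up monitor user agent.
SAMPLE_LOG = [
    '203.0.113.10 - - [21/Jul/2024:10:00:01 +0000] "HEAD / HTTP/1.1" 200 - "-" "ExampleMonitor/1.0"',
    '203.0.113.10 - - [21/Jul/2024:10:05:01 +0000] "HEAD / HTTP/1.1" 405 - "-" "ExampleMonitor/1.0"',
    '203.0.113.11 - - [21/Jul/2024:10:10:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "ExampleMonitor/1.0"',
    '198.51.100.7 - - [21/Jul/2024:10:11:40 +0000] "TRACE / HTTP/1.1" 403 199 "-" "curl/7.81.0"',
    '203.0.113.10 - - [21/Jul/2024:10:15:01 +0000] "HEAD / HTTP/1.1" 503 - "-" "ExampleMonitor/1.0"',
]


def triage(lines, agent_marker):
    """Count the monitor's requests by (method, status) and pull out failures."""
    counts, rejected, server_errors = Counter(), [], []
    for line in lines:
        m = LINE.match(line)
        if not m or agent_marker.lower() not in m["agent"].lower():
            continue  # unparseable line, or not sent by the monitor
        status = int(m["status"])
        counts[(m["method"], status)] += 1
        entry = (m["time"], m["ip"], m["method"], status)
        if status in (403, 405):
            rejected.append(entry)       # refused by a rule such as a method filter
        elif status >= 500:
            server_errors.append(entry)  # the site itself failed to answer properly
    return counts, rejected, server_errors


if __name__ == "__main__":
    counts, rejected, server_errors = triage(SAMPLE_LOG, "ExampleMonitor")
    for (method, status), n in sorted(counts.items()):
        print(f"{method} {status}: {n}")
    print("rejected by a rule:", rejected)
    print("server errors:", server_errors)
```

A check that timed out before reaching the web server leaves no line in the access log at all, so a gap at the monitor's usual interval is itself a finding.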

Hannah (Participant)
Hm. Checked the security log and nothing at all has been logged since I installed it on July 20. Maybe this is something to do with GoDaddy Managed WP? I don’t really know how it works or what it takes over from the site. I’ll try the custom code you sent and see what happens.

Hannah (Participant)
Laughing at myself for not checking the existing custom code before responding. The code you sent is already present in custom code box 9. Sorry for that.

Hannah (Participant)
FYI – we did get 6 more sets of downtime/uptime notifications yesterday. It’s driving me crazy that the only way to know if one is for real and the site actually needs attention is to load it after each notice I receive. Is there no way to whitelist a url short of installing the Pro version?

AITpro Admin (Keymaster)
Going by what was said above the check is done every 5 minutes or more depending on your settings. If you wanted to check your site once per minute you could create a cron job in your control panel that pings the site once per minute, but then you would have to check your server logs to check for any crons that did not fire correctly or you could create a logging file and ping it with the cron. Probably more effort than you want to invest in this.
So if a site actually goes down then there should be errors in the server logs. If, on the other hand, the host server is what is going down then you will not see any errors because the entire server including error logging would be down.
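
Added example, not part of the original post: a Python probe for the cron-plus-log-file idea above, run from a machine other than the web host. It sends a HEAD request, separates "no response" from "answered with an error status", and re-checks a failure before calling it down, as the quoted monitor description does. Assumptions: three re-checks 10 seconds apart, the 30 second timeout from the quoted message, and hypothetical script and log paths.

```python
import sys
import time
import urllib.error
import urllib.request
from datetime import datetime, timezone


def head_status(url, timeout=30):
    """HTTP status of a HEAD request, or None when no response arrived."""
    req = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        return exc.code   # the server answered, with a 4xx/5xx status
    except OSError:
        return None       # timeout, DNS failure or refused connection


def classify(status):
    if status is None:
        return "TIMEOUT"
    return "UP" if status < 400 else f"HTTP_{status}"


def probe(url, fetch=head_status, rechecks=3, wait=10, sleep=time.sleep):
    """One cycle: a failed first check is re-checked before it counts as down."""
    results = [classify(fetch(url))]
    while results[-1] != "UP" and len(results) <= rechecks:
        sleep(wait)
        results.append(classify(fetch(url)))
    if results[0] == "UP":
        verdict = "UP"
    elif results[-1] == "UP":
        verdict = "TRANSIENT"   # failed, then recovered within the re-checks
    else:
        verdict = "DOWN"
    return verdict, results


def log_line(url, verdict, results, now=None):
    now = now or datetime.now(timezone.utc)
    return f"{now:%Y-%m-%dT%H:%M:%SZ} {url} {verdict} {','.join(results)}"


if __name__ == "__main__":
    # Hypothetical cron usage: probe.py https://example.com/ /path/to/uptime.log
    url, log_path = sys.argv[1], sys.argv[2]
    verdict, results = probe(url)
    with open(log_path, "a", encoding="utf-8") as fh:
        fh.write(log_line(url, verdict, results) + "\n")
```

A cycle that hits timeouts runs longer than one minute, so once-per-minute cron runs can overlap; each run appends a single line, which keeps the log readable.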

Hannah (Participant)
Thank you. I’m just trying to eliminate all these false positives so that when I get a downtime notice I know it’s real. With so many sites to manage, and this being the only one that’s behaving this way, it’s a real mental resource sucker (a time-sucker, too). So I was mainly trying to see if whitelisting the ManageWP IPs or url would stop the flow of notifications and how to do this in the free version of BPS. Is this possible? Or do I need to upgrade to the Pro version for this site?

AITpro Admin (Keymaster)
I don’t think you can solve this problem using BPS or BPS Pro. If this is the only website that is having this issue and it is not constant and instead intermittent then the logical things to look at would be plugins and themes that run cron jobs at certain intervals that could be overloading the website and causing it to crash briefly. First step, compare the plugins installed on this site vs your other sites. Next step, figure out which plugins are running cron jobs likely to use a lot of resources, such as backup plugins that backup files and databases, etc.