Apache 2.4 server upgrade – configuration problems

[Tin Hoang]

Hi I upgraded to apache2.4  and PHP 7 recently from apache2.2 and PHP5. I managed to resolve some errors in syntax between 2.2 and 2.4 and got my main site to load in a multisite installation of WordPress. The main site is here:

mysalonpage.com
however all my subdomain sites (ex.gds.mysalonpage.com) are not working and they display the error code 500
below is my current BPS htaccess.
Something else to note is when I goto gds.mysalonpage.com it doesn’t spit out any errors in the /var/log/apache2/error.log file so I cant even tell what is breaking.
Please help.
secure.htaccess:
[htaccess code viewed and deleted]

more info:
I took a peek in the /plugins/bulletproof-security/admin/ folders (ex. php) and the .htaccess contain old syntax from apache2.2 ex.
“Order, Deny, Allow” etc

[AITpro Admin]

Your Wordfence htaccess cache code and other Wordfence htaccess code is not valid.  Do these steps to get BPS working and then contact Wordfence for help with the Wordfence htaccess code.  Also update BPS Pro to the most current version:  12.9.  The version of BPS Pro that you have installed is over 1 year old.

1. Use FTP and delete your root htaccess file so that you can login to your site.
2. Go to BPS Root Custom Code, Export your Custom Code and click the Delete button to delete all of your Custom Code.
3. Go to the BPS Setup Wizard page > run the Pre-Installation Wizard > run the Setup Wizard.  The Setup Wizard will create the correct code for your Apache server type and version.
4. Contact Wordfence for help with your Wordfence htaccess code.

[Tin Hoang]

Hi thank you for you reply I will try out the BPS steps first.

How do I update BPS? I don’t get a notification in WordPress Updates section that there is a new version of BPS and when I force “Manual Upgrade Check” It doesnt do anything.

Thank you,
Tin

[AITpro Admin]

See this forum topic for how to check for problems the cause the BPS Pro upgrade notification not to be displayed on the WordPress Plugins page and also how to manually download and install the BPS Pro plugin:  https://forum.ait-pro.com/forums/topic/bulletproof-security-pro-bps-pro-upgrade-installation-methods/

[Tin Hoang]

Hello,

I  upgraded to version 12.9.1 using the zip file update method and then ran through the steps you outlined in your initial response. The root .htaccess file the setup generates still has syntax from apache2.2 and so breaks the site. see below

<FilesMatch "^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)">
Order Allow,Deny <----apache2.2
Deny from all         <----apache2.2
Allow from 127.0.0.1 <----apache2.2
</FilesMatch>

It seems like BPS isn’t detected that I am running version Apache2.4.

ideas?
Thanks,
Tin

[AITpro Admin]

BPS htaccess code is created based on the BPS Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No) checks.  You can view the results of those checks on the BPS System Info page.  If your Apache 2.4 server httpd.conf file is configured correctly then it will contain the new Module directive code for Apache 2.4, which now uses:  LoadModule authz_core_module modules/mod_authz_core.so.  Note:  Your httpd.conf file could and probably will still contain:  LoadModule access_compat_module modules/mod_access_compat.so.  Go to the BPS System Info page and copy and paste your Apache Modules check results and post it in your reply.

Example:
Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): View Visual Test
403: mod_access_compat is Loaded|Order, Allow, Deny directives are supported|IfModule: Yes
403: mod_authz_core is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
403: mod_authz_host is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
200: mod_rewrite Module is Loaded

If you see that the mod_authz_core module is not loaded then that means your Apache httpd.conf file does not have the mod_authz_core module directive code in it that loads the mod_authz_core module.

If you see that the mod_authz_core module is loaded then that means your Apache httpd.conf file does have the directive code in it that loads the mod_authz_core module. Most likely that would mean the problem is that you have copied old BPS htaccess code to this BPS Root Custom Code text box: 13. CUSTOM CODE DENY BROWSER ACCESS TO THESE FILES, which would override any checks, code, etc. You would need to delete that old htaccess code from BPS Custom Code, save your changes and run the Setup Wizard again.

[Tin Hoang]

Looks like we have something to go on:
Server Type: Apache/2.4.25 (Ubuntu) OpenSSL/1.0.2k
Operating System: Linux
WP Filesystem API Method: direct
Server API: apache2handler DSO Host Server Type
Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): View Visual Test
500:500:500: mod_access_compat and mod_authz_core or mod_rewrite is NOT Loaded

looks like the line
“LoadModule authz_core_module modules/mod_authz_core.so” is
already is in one of my mods enabled:
/etc/apache2/mods-enabled/authz_default.load
and that file has the following contents
“LoadModule authz_core_module /usr/lib/apache2/modules/mod_authz_core.so”

My httpd.conf was blank but
I added “LoadModule authz_core_module  /usr/lib/apache2/modules/mod_authz_core.so” to it and restarted my server but that didnt help.
ideas?

Update:

Hi, it turns out I was missing mod_access_compat. I then:
1. I enabled the mod
>sudo a2enmod access_compat
>sudo service apache2 restart
My new BPS System Info now shows:

Server Type: Apache/2.4.25 (Ubuntu) OpenSSL/1.0.2k
Operating System: Linux
WP Filesystem API Method: direct
Server API: apache2handler DSO Host Server Type
Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): View Visual Test
200: mod_access_compat is Loaded
200: mod_rewrite Module is Loaded

2. Deleted all the .htaccess files using FTP.
3. Ran the Pre-installation setup wizard without any error
4.Ran the Setup Wizard with this error:

BulletProof Security Pro Uploads Anti-Exploit Guard (UAEG) Setup:
Error: Unable to create or update File /home/[username]/…/webapps/wordpress/wp-content/uploads/.htaccess

But the Setup Wizard completes. Even though my root .htaccess file (located /home/[username]/MSP/wordpress/) contains

<FilesMatch "^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)">
Order Allow,Deny <----apache2.4??
Deny from all <----apache2.4??
Allow from 127.0.0.1
<FilesMatch>

I only have 1 virtual host enabled:

<VirtualHost *:80>
DocumentRoot /home/[username]/MSP/webapps/wordpress/
ServerName [mainsitedomain.com]
</VirtualHost>

My main site still works but my subsites still don’t work.
ideas?
Thanks,
Tin

[AITpro Admin]

Note:  This forum Topic title has been changed to accurately reflect the problem:  Apache 2.4 server upgrade – configuration problems

I think you need to backup and start from the beginning again with your new Apache 2.4 server upgrade.  The Apache 2.4 server build contains Apache 2.4 default files that you should be using and that you would then customize by adding your old Apache 2.2 configuration directive settings and modifying them so that they are correct for Apache 2.4.

1. You want to make backup copies of your Apache 2.2 files: httpd.conf, vhosts conf, etc.
2. Copy all your new Apache 2.4 configuration files to their correct Apache directories.
3. Use your Apache 2.2 backup configuration files to copy your old vhosts conf directive code to your new Apache 2.4 vhosts conf file.  IMPORTANT!!!  Your Apache 2.4 vhosts conf file (and all Apache version configuration files) contain example code for the correct “new” configuration directive code/settings that you should now be using.  DO NOT use your exact OLD Apache 2.2 directive code/settings for your new Apache 2.4 server configuration files.  That is why you are having all these problems.
4. Apache 2.4 httpd.conf file:  Most likely all you need to do is copy your new Apache 2.4 httpd.conf file to the correct directory and do not need to do anything else to your new Apache 2.4 httpd.conf file.  It should already contain all the correct new Apache 2.4 directive code/settings.
5. Your Server API is DSO.  So if your previous Apache 2.2 server API was also DSO then you should not need to do these DSO setup steps:  https://forum.ait-pro.com/forums/topic/dso-setup-steps/  If your Apache 2.2 server API was not setup as DSO then you either need to change your Apache 2.4 server API to CGI or do the additional DSO setup steps.

This code below is for a XAMPP Apache 2.4 server httpd-vhosts.conf file and not a Ubuntu Apache server vhosts conf file – DO NOT USE this example code – these examples are only for a visual aid/guide to assist you.  All Apache versions configuration files always contain example code in their configuration files.  Use the example code in your new Apache 2.4 configuration files and not this exact XAMPP Apache configuration code below.

<VirtualHost *:80>
	ServerAdmin postmaster@localhost
	DocumentRoot "C:/xampp/htdocs"
	ServerName localhost
	ServerAlias localhost
	<Directory "C:/xampp/htdocs">
		Options All
		AllowOverride All
		Require all granted 
	</Directory>
</VirtualHost>

## AITpro Main site
<VirtualHost aitpro-main.local:80>
	ServerAdmin postmaster@localhost
	DocumentRoot "C:/xampp/htdocs1/aitpro-main"
	ServerName aitpro-main.local
	ServerAlias aitpro-main.local
	<Directory "C:/xampp/htdocs1/aitpro-main">
		Options All
		AllowOverride All
		Require all granted
	</Directory>
</VirtualHost>

[Author]

Posts