CMS Made Simple Forums

Content management as it is meant to be
https://forum.cmsmadesimple.org/

Site down every 2 days, no admin access, must clear cache

https://forum.cmsmadesimple.org/viewtopic.php?t=77682

Page 1 of 1

Site down every 2 days, no admin access, must clear cache

Posted: Mon Dec 04, 2017 5:33 pm
by Mich-adg
Hi,

i got a big problem with one of my website: every 2 days the site is down, i can't connect to the admin (i must do "recover my password" to get in). Then i clear cache and the site goes back online!

My cms is 2.1.5. Very recently my hoster (OVH in France) upgraded Apache from 2.2 to 2.4 and says it can cause troubles and ask to check the htaccess file.
Some syntax need sometimes to be changed if we got messages in the error logs, but actually i got no error message... !

Does anybody has the same problem ?

Here's my htaccess file:

Code: Select all



Options -Indexes

ServerSignature Off


# The following is to enable pretty URLS, only applicable if url_rewriting is set to 'mod_rewrite' in the config.php

<IfModule rewrite_module>

RewriteEngine on



# without www to www :

RewriteCond  %{HTTP_HOST}  !www.mysite.com

RewriteRule (.*) http://www.mysite.com/$1 [R=301,L]



#Si l'URI contient "http:"

RewriteCond %{QUERY_STRING} http\: [OR]


#Ou si l'URI contient "["

RewriteCond %{QUERY_STRING} \[ [OR]


#Ou si l'URI contient "]"

RewriteCond %{QUERY_STRING} \] [OR]


#Ou si l'URI contient "<__script__>"

RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]


#Ou si l'URI contient un script pour positionner une variable GLOBALS de PHP par URL

RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]


#Ou si l'URI contient un script pour positionner une variable _REQUEST de PHP par URL

RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})


#Alors on bloque la requête, on envoie un 403 avant même qu'elle n'atteigne PHP (Forbidden, Last rule)

RewriteRule ^.*$ - [F,L] 


# Fin du filtrage



RewriteBase /



# Rewrites urls in the form of /parent/child/grandchild but only rewrites if the requested URL is not a file or directory.

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule ^(.+)$ index.php?page=$1 [QSA]

</IfModule>



# The following are higly reommended security settings for files in your CMSMS install that should not be browsed directly

<Files ~ "\.htaccess">

  Order allow,deny

  Deny from all

</Files>

<Files ~ "\.ini$">

  Order allow,deny

  Deny from all

</Files>

<Files ~ "\.log$">

  Order allow,deny

  Deny from all

</Files>

<Files ~ "config\.php">

  Order allow,deny

  Deny from all

</Files>

<Files ~ "/lib/*php">

  Order allow,deny

  Deny from all

</Files>



RedirectMatch 403 ^.*/doc/.*\.php$

RedirectMatch 403 ^.*/lib/.*\.php$

RedirectMatch 403 ^.*/tmp/.*\.php$

RedirectMatch 403 ^.*/plugins/.*\.php$

#RedirectMatch 403 ^.*/modules/.*\.php$

RedirectMatch 403 ^.*/modules/(?!TinyMCE/responsive_filemanager/filemanager/).*\.php$

RedirectMatch 403 ^.*/uploads/.*\.php$



# The following are performance optimizations and security enhancements for content that is served by your CMSMS installation.

<IfModule mod_headers.c>

  #Header unset Last-Modified

	Header unset ETag

	FileEtag None

	Header set X-Frame-Options "SAMEORIGIN"



  # HTML5 Boilerplate

  Header set Access-Control-Allow-Origin "*"

  <FilesMatch "\.(eot|otf|tt[cf]|woff2?)$">

    Header set Access-Control-Allow-Origin "*"

  </FilesMatch>

  Header set X-UA-Compatible "IE=edge"

  <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">

    Header unset X-UA-Compatible

  </FilesMatch>

  Header set X-Content-Type-Options "nosniff"

</IfModule>



# The following setups compression for content, if compression is enabled on the server.

<IfModule deflate_module>

	AddOutputFilterByType DEFLATE text/html text/css text/plain text/html text/xml image/gif image/jpeg image/png image/ico text/javascript application/x-javascript application/javascript application/json application/pdf

</IfModule>



# The following allows the browser to cache images, scripts, stylesheets and videos.  If the expires module is enabled on the server.

<IfModule mod_expires.c>

  ExpiresActive On

  ExpiresDefault "access plus 1 month"

  # Set expires tags on various file types... so that the browser wont attempt to reload them.

  ExpiresByType image/jpg "access plus 1 year"

  ExpiresByType image/gif "access plus 1 year"

  ExpiresByType image/ico "access plus 1 year"

  ExpiresByType image/png "access plus 1 year"

  ExpiresByType image/svg+xml "access plus 1 month"

  ExpiresByType video/x-flv "access plus 1 year"

  ExpiresByType video/mp4 "access plus 1 month"

  ExpiresByType video/ogg "access plus 1 month"

  ExpiresByType video/webm "access plus 1 month"

  ExpiresByType audio/ogg "access plus 1 year"

  ExpiresByType application/pdf "access plus 1 year"

  ExpiresByType application/x-shockwave-flash "access plus 1 year"

  ExpiresByType application/javascript "access plus 1 month"

  ExpiresByType application/x-javascript "access plus 1 month"

  ExpiresByType text/javascript "access plus 1 month"

  ExpiresByType text/css "access plus 1 month"

  ExpiresByType image/vnd.microsoft.icon "access plus 1 year"

  ExpiresByType image/x-icon "access plus 1 year"

  ExpiresByType application/vnd.ms-fontobject "access plus 1 month"

  ExpiresByType font/eot "access plus 1 month"

  ExpiresByType font/opentype "access plus 1 month"

  ExpiresByType application/x-font-ttf "access plus 1 month"

  ExpiresByType application/font-woff "access plus 1 month"

  ExpiresByType application/x-font-woff "access plus 1 month"

  ExpiresByType font/woff "access plus 1 month"


  # Web Open Font Format (WOFF) 2.0

  ExpiresByType application/font-woff2                "access plus 1 month"


  <IfModule mod_headers.c>

  	# Setting cache control to public allows proxy servers to cache the items too.

  	Header set Cache-Control "public"

  </IfModule>

</IfModule>



# Send the CORS header for images when browsers request it.


<IfModule mod_setenvif.c>

  <IfModule mod_headers.c>

    <FilesMatch "\.(bmp|cur|gif|ico|jpe?g|png|svgz?|webp)$">

      SetEnvIf Origin ":" IS_CORS

      Header set Access-Control-Allow-Origin "*" env=IS_CORS

    </FilesMatch>

  </IfModule>

</IfModule>

Re: Site down every 2 days, no admin access, must clear cach

Posted: Mon Dec 04, 2017 7:59 pm
by Rolf
First step, upgrade your CMS.

Re: Site down every 2 days, no admin access, must clear cach

Posted: Sat Dec 16, 2017 10:19 pm
by Franck
And regarding the issues, it's been fixed with a newer version. I remember having these issues at the end of 2016 with V2.1.5. Upgrading to 2.1.6 fixed it. But you'd better upgrade to latest version.

Re: Site down every 2 days, no admin access, must clear cach

Posted: Sun Dec 17, 2017 4:53 pm
by DIGI3
Agreed, I think upgrading CMSMS will fix the issue. There was a race condition that was causing similar issues on specific server environments that has been fixed.

Re: Site down every 2 days, no admin access, must clear cach

Posted: Mon Jan 08, 2018 9:27 am
by QuinnGi
Rolf wrote:First step, upgrade your CMS.
Hi Rolf, I've been having the same issue lately. Will upgrading the CMS screw up any other setting on the website? I've had it to work perfectly for the longest time, until now.

Re: Site down every 2 days, no admin access, must clear cach

Posted: Mon Jan 08, 2018 10:27 pm
by master3395
QuinnGi wrote:
Rolf wrote:First step, upgrade your CMS.
Hi Rolf, I've been having the same issue lately. Will upgrade the CMS screw up any other setting on the website? I've had it to work perfectly for the longest time, until now.
I would suggest duplicating the main site, into a subfolder, and upgrade that, and see if anything goes wrong.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited