Support » Plugin: Wordfence Security - Firewall & Malware Scan » Enabling Falcon Causes 500 Server Error

  • Resolved IAmMarchHare

    (@iammarchhare)


    I’ve used WF for some time now, installing it when I moved servers a few times even.

    Last night, I was getting high usage on one of my sites running on a VPS. I finally upped the RAM, and I left it in maintenance mode most of the night to wait out the unusual traffic (the .htaccess checks for a specific file, and if it exists, it will put up a static page saying the site is undergoing maintenance).

    I’ve been looking at caching plugins today, and I realized WF has Falcon. To make a long story short, I turned it on, and I immediately was given a 500 server error. I mucked around with trying the admin page, the front page and the blog page (the front page is a specific WordPress page). I ended up copying over the .htaccess file I had backed up and then I could access the admin page to turn off caching.

    I have no idea what to try. I would really like to give this a chance, even though I run a smaller site there seem to be a lot of bots and such that all want to hit the site at inconvenient times. 🙁

    Specifics:

    I am running with WP_CRON disabled and running through crontab instead.

    I am running a child theme of Customizr, and the only change is a customized 404 page.

    I have the following plugins:

    401 for WordPress
    Anti-Spam by CleanTalk
    Basic User Avatars
    Jetpack by WordPress.com
    RDP Wiki-Press Embed
    SEO Redirection
    ShortCode Redirect
    Wordfence Security
    WP fail2ban
    XCloner
    Yoast SEO

    One thing that is very different and may or may not play a role is that there is a MediaWiki wiki in a subdirectory of the site.

    https://wordpress.org/plugins/wordfence/

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author WFMattR

    (@wfmattr)

    Thanks for the detailed report — I don’t know of any issues with the plugins or theme you have, but I’m also not familiar with a few of them.

    Do you know where to find the site’s error log? If so, usually the “500” errors should have a more detailed message about what went wrong, in that log.

    One possibility, if your host is running Apache 2.4, some of the directives in .htaccess have changed since Apache 2.2. If they install mod_access_compat, the 2.2-compatible version will still work. (The message in the error log file will help confirm if this is the issue.)

    Also, do you use CloudFlare or any other reverse proxy? I’ve heard of one case where CloudFlare was set to pass IPv6 traffic to the server, but the server’s PHP wasn’t compiled with IPv6 support. If you have a copy of the .htaccess file that causes the 500 error, that could help narrow down the issue, too.

    -Matt R

    Thread Starter IAmMarchHare

    (@iammarchhare)

    One possibility, if your host is running Apache 2.4, some of the directives in .htaccess have changed since Apache 2.2.

    I did not know that. Does that mean the directives you add to .htaccess won’t work in 2.4? I am running 2.4.7.

    Indeed, the error log shows several lines I’m not familiar with like:

    [Sun Nov 01 19:42:30.963839 2015] [core:alert] [pid 21275] [client 71.218.76.82:46654] /var/www/.htaccess: order not allowed here, referer: http://www.churchofgodperspective.org/wp-content/plugins/wordfence/css/main.css?ver=37d2c930d8517afa8039eac193c2f226
    [Sun Nov 01 19:42:34.092275 2015] [core:alert] [pid 21060] [client 71.218.76.82:46656] /var/www/.htaccess: order not allowed here, referer: http://www.churchofgodperspective.org/wp-admin/admin.php?page=WordfenceSitePerf

    No, I am not using CloudFlare or anything like that.

    My .htaccess file is custom but not overly convoluted:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    # See http://www.javascriptkit.com/howto/htaccess14.shtml
    # The following causes 500 errors
    #Options +FollowSymlinks
    # Block by referrer, from http://www.htaccess-guide.com/deny-visitors-by-referrer/
    # Modified using http://www.htaccesstools.com/block-hitbots/
    RewriteCond %{HTTP_REFERER} ^([^.]+.)*?lanud-adisutjipto.mil.id.*$ [NC,OR]
    #RewriteCond %{HTTP_REFERER} ^([^.]+.)*?google.com/search\?q\=2\+guys\+1\+horse$ [NC,OR]
    RewriteCond %{HTTP_REFERER} ^([^.]+.)*?fr-voyage.com.*$ [NC]
    #RewriteCond %{HTTP_USER_AGENT} ^x00_-gawa\.sa\.pilipinas\.2015 [NC]
    RewriteRule .* - [F,L]
    
    RewriteBase /
    
    # Rewrite subdomains to directories
    RewriteCond %{HTTP_HOST} ^wiki\.cogperspective\.org [OR]
    RewriteCond %{HTTP_HOST} ^wiki\.churchofgodperspective\.org
    RewriteRule ^(.*)$ http://www.churchofgodperspective.org/wiki/$1 [R=301,L]
    
    RewriteCond %{HTTP_HOST} ^blog\.cogperspective\.org [OR]
    RewriteCond %{HTTP_HOST} ^blog\.churchofgodperspective\.org
    RewriteRule ^(.*)$ http://www.churchofgodperspective.org/blog/$1 [R=301,L]
    
    # Force "www"
    RewriteCond %{HTTP_HOST} ^cogperspective\.org [OR]
    RewriteCond %{HTTP_HOST} ^churchofgodperspective\.org
    RewriteRule ^(.*)$ http://www.churchofgodperspective.org/$1 [R=301,L]
    
    # Mediawiki additions
    # Short url for wiki pages
    RewriteRule ^/?wiki(/.*)?$ %{DOCUMENT_ROOT}/w/index.php [L]
    # Redirect / to Main Page
    RewriteRule ^/*$ %{DOCUMENT_ROOT}/w/index.php [L]
    
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    
    # END WordPress

    Plugin Author WFMattR

    (@wfmattr)

    The .htaccess changes should work in Apache 2.4 as long as mod_access_compat is enabled, and it usually is on most hosts. From the error message you posted above though, “order not allowed here”, it sounds like the main Apache config may have “AllowOverride None” — or some other options, but not including “Limit”, which prevents you from using certain directives in the .htaccess file.

    If the host adds “Limit” to the AllowOverride directive in the main config file and restarts the server, using “Order” in .htaccess should work. If it doesn’t work, there should be a new error in the error log about something else that is missing or disabled.

    If the server is your own VPS or dedicated server, the documentation for AllowOverride is here if you need it — just make sure to update the right AllowOverride, that only affects the web root (not “/”):
    Apache 2.4 – AllowOverride

    Let me know if this helps, or if you have any other questions.

    -Matt R
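The diagnosis in the reply above, reading "order not allowed here" in the error log as a directive rejected because its class is missing from AllowOverride, as an added example that is not part of the original post or of Wordfence. The function name, the directive table (a subset taken from the Apache 2.4 directive reference) and the sample log are assumptions made for illustration.

```python
import re
from collections import defaultdict

# AllowOverride class each directive requires, per the Apache 2.4 directive
# reference. Assumption: a subset of directives commonly found in .htaccess.
OVERRIDE_CLASS = {
    "order": "Limit", "allow": "Limit", "deny": "Limit",
    "require": "AuthConfig", "authtype": "AuthConfig", "authname": "AuthConfig",
    "options": "Options",
    "rewriteengine": "FileInfo", "rewriterule": "FileInfo",
    "header": "FileInfo", "errordocument": "FileInfo", "addtype": "FileInfo",
    "expiresactive": "Indexes", "directoryindex": "Indexes",
}

# Apache 2.4 error-log layout: [time] [module:level] [pid N] [client ip:port] message
LINE_RE = re.compile(
    r"^\[[^\]]+\] \[\w+:\w+\] \[pid \d+\] (?:\[client [^\]]+\] )?"
    r"(?P<file>/\S+): (?P<directive>\w+) not allowed here"
)

def missing_overrides(log_text):
    """Map each .htaccess path to {override class: directives rejected under it}."""
    found = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrelated log entry
        directive = m.group("directive")
        cls = OVERRIDE_CLASS.get(directive.lower(), "unknown")
        found[m.group("file")][cls].add(directive)
    return {f: {c: sorted(d) for c, d in classes.items()}
            for f, classes in found.items()}

# Constructed sample log: the layout follows the lines quoted in the thread,
# the client address, host name and second path are placeholders.
SAMPLE_LOG = """\
[Sun Nov 01 19:42:30.963839 2015] [core:alert] [pid 21275] [client 203.0.113.10:46654] /var/www/.htaccess: order not allowed here, referer: http://www.example.org/wp-admin/
[Sun Nov 01 19:42:31.100000 2015] [core:alert] [pid 21275] [client 203.0.113.10:46655] /var/www/.htaccess: order not allowed here
[Sun Nov 01 19:43:02.500000 2015] [core:alert] [pid 21301] [client 203.0.113.10:46660] /var/www/wiki/.htaccess: Options not allowed here
[Sun Nov 01 19:43:05.000000 2015] [core:error] [pid 21301] [client 203.0.113.10:46661] constructed unrelated entry
"""

if __name__ == "__main__":
    for path, classes in missing_overrides(SAMPLE_LOG).items():
        for cls, directives in classes.items():
            print(f"{path}: add '{cls}' to AllowOverride "
                  f"(rejected: {', '.join(directives)})")
```

Grant only the classes the report names, on the Directory block for the web root, rather than switching to AllowOverride All.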

    Thread Starter IAmMarchHare

    (@iammarchhare)

    OK, that does help in that adding Limit to the AllowOverride directive worked. I’m not without some sense of confusion, though.

    From what I understand, “Order Deny,Allow” is the default, so is it necessary? More to the point, I see no other deny or allow statements, so could this have been fixed simply by commenting that line out?

    My second concern is that, since this is deprecated, could this cause issues down the road?

    At any rate, I’m going to run it like this for a day or so unless I run into issues. If it seems to be working and keeping the load down, then I’ll make it permanent.

    Plugin Author WFMattR

    (@wfmattr)

    Some hosts may change the default Order directive, so that line ensures that any Deny lines are still effective when they are used. When an IP is blocked by Wordfence while Falcon is active, it will add a “Deny” line to .htaccess for that IP, for a big performance increase, since the block will take effect before WordPress even loads.

    Our dev team will keep an eye on this to make sure that the 2.4-style directives are used before Apache removes support for the 2.2-compatible methods, so as long as your site is using the latest version of Wordfence, this should continue to work.

    Let us know if you have any more questions, or if there are any more issues. Thanks!

    -Matt R

    Thread Starter IAmMarchHare

    (@iammarchhare)

    OK, after playing with this, I’m considering this solved. Having said that, it appears that caching for me makes matters worse, especially the high level Falcon caching. The lower level worked, for a while, but even it eventually spikes and goes wonky. I think I’m just going to move up to the next level on the VPS and increase the virtual memory in addition to the RAM increase.

    Plugin Author WFMattR

    (@wfmattr)

    Thank you for following up. It’s definitely unusual to get worse performance when enabling caching.

    If you have a moment, I’d like to know more about your server, so we can see what may have caused the issue, but if you don’t have time, that is OK, of course!

    If you do have time, you can go to Wordfence’s Scan page, and click the link “Email activity log” at the top-right corner of the “Scan Detailed Activity” box, and enter my email address: mattr (at) wordfence.com — this will send me your latest scan log, and details about the server, such as the PHP version, headers that may be set by other caches, etc.

    -Matt R
