UI is unusable on my WP instance

Resolved aberbenni
(@aberbenni)

5 years, 2 months ago

NGINX
PHP-FPM 7.2
WP 5.0.3
Tested with Health Check plugin with only Post SMTP plugin activated.

User Interface is completely unusable, cannot see buttons and tabs, so I cannot use the plugin.

I have a screenshot.

The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)

yehudah

(@yehudah)

5 years, 2 months ago

Paste diagnostic test here

Thread Starter

aberbenni

(@aberbenni)

5 years, 2 months ago

Does not work: https://ibb.co/7zg28cs

yehudah

(@yehudah)

5 years, 2 months ago

Disable every plugin.
Does the error remain?

Thread Starter

aberbenni

(@aberbenni)

5 years, 2 months ago

Yes, found this in console:

postman.css:1 Failed to load resource: net::ERR_SPDY_PROTOCOL_ERROR
postman.js:1 Failed to load resource: net::ERR_SPDY_PROTOCOL_ERROR
postman_diagnostics.js:1 Failed to load resource: net::ERR_SPDY_PROTOCOL_ERROR

NGINX is configured with SSL and HTTP2. I’m looking further into this.

Strange thing is that only postman files have spdy protocol error, the rest of admin is working.

Browser Vivaldi/Chrome. Same in Firefox.

I’m using Avast but web protection is disabled for this website domain.

Thread Starter

aberbenni

(@aberbenni)

5 years, 2 months ago

Digging into the issue I decided to create an /smtp/ folder with an index.html file and test with curl.

curl -v -L -I https://www.mywebsite.com/smtp/index.html

Result:

*   Trying XX.XX.XXX.XXX...
* TCP_NODELAY set
* Connected to www.mywebsite.com (XX.XX.XXX.XXX) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=*.mywebsite.com
*  start date: Oct  9 00:00:00 2018 GMT
*  expire date: Oct  9 12:00:00 2019 GMT
*  subjectAltName: host "www.mywebsite.com" matched cert's "*.mywebsite.com"
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=RapidSSL RSA CA 2018
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x6ff558000300)
> HEAD /smtp/index.html HTTP/2
> Host: www.mywebsite.com
> User-Agent: curl/X.XX.X
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
* HTTP/2 stream 1 was not closed cleanly: INTERNAL_ERROR (err 2)
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, Client hello (1):
curl: (92) HTTP/2 stream 1 was not closed cleanly: INTERNAL_ERROR (err 2)

In access.log I found:

[06/Feb/2019:22:49:52 +0100] "HEAD /smtp/index.html HTTP/2.0" 444 0 "-" "curl/X.XX.X" "-"

At the end I discovered a (common) misconfiguration of NGIX that blocks access to location containing smtp, and other strings:

# Block web attacks
location ~* (roundcube|webdav|smtp|http\:|soap|w00tw00t) {
    return 444;
}

Suggested here http://www.queryadmin.com/1071/deny-access-sensitive-files-nginx/ and in many other sites on the web. I think this is a common nginx configuration.

yehudah

(@yehudah)

5 years, 2 months ago

I saw this but didn’t had the time to thank you for sharing.

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘UI is unusable on my WP instance’ is closed to new replies.

Tags