In rc3 and rc4 (rc2 works), when the update module checks for updates and you're behind a firewall, it is unable to retrieve them (saying so in the logs). This leads to a connection timeout that prevents the admin pages from loading quickly.
A temporary solution might be not to check "automatically check for updates" at install time, or to disable the module.

Hope this helps
poehnix

Comments

dww’s picture

Component: update system » update.module
Status: Active » Closed (duplicate)
-Anti-’s picture

Title: connection timeout behind firewall » update status: connection timeout behind firewall
Version: 6.0-rc4 » 6.12

I have just set up my first VPS hosting account which comes with WHM.
WHM comes with a firewall called CSF.
CSF is in its default configuration.
When enabled, it causes the problem described here.
It is neither an intranet nor a proxy; just a normal remote web server.

TCP on port 80 seems to be open both ways in CSF.
So what else am I supposed to configure in the CSF to allow 'update status' to work?

Thanks.

dww’s picture

I recommend looking at the status of the issue before you reply to it. If it says "duplicate" (like this one), then read the issue(s) that are pointed to instead of reading and replying here. ;)

-Anti-’s picture

Category: bug » support
Status: Closed (duplicate) » Active

Thanks, but the links and other related threads don't mention WHY the server firewall would block the script's connection, or HOW to allow the script through the server firewall. *This* is the most concise thread; it describes my problem exactly. This problem will also affect anyone using WHM with CSF firewall enabled in its default configuration.

The other threads are about intranets and proxies, which is not the issue at all. I've also searched many other threads, and cannot find an instance where the server firewall settings were identified as the problem. Actually, now that you've mentioned it, I don't think this issue is a duplicate or a bug report. So I've changed it to 'support request' and 'active'.

Looking at the emails I'm getting from CSF:

Network connections by the process (if any):
tcp: 213.175.xxx.xxx:54828 -> 140.211.166.6:80

Apparently the update status script uses a random port in the upper range.
This is why the connection is being blocked.

The CSF email also contains this information:

Executable: /usr/bin/php
Command Line (often faked in exploits): /usr/bin/php /home/[name]/public_html/index.php

Adding the following line to 'LFD process ignore' works:
cmd:php /home/[name]/public_html/index.php

Can anyone tell me how insecure that makes my installation, and if there is a more concise, specific way to allow the update status script through the firewall without simply allowing index.php to do whatever it wants?

Thanks.

Anonymous’s picture

Status: Active » Closed (fixed)

Hi

I am closing this issue due to old age. Feel free to reopen it.