Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
In rc3 and rc4 (rc2 works) when update module checks for updates and you're behind a firewall it is unable to retrieve them ( saying it in the logs). This leads to a connection timeout that prevents the admin pages to be loaded quickly
Temporary solution might be not to check "automatically check for updates" at install time or disable the module
Hope this helps
poehnix
Comments
Comment #1
dww#172708: updating from an intranet
#7881: Add support to drupal_http_request() for proxy servers (http not https)
Comment #2
-Anti- CreditAttribution: -Anti- commentedI have just set-up my first VPS hosting account which comes with WHM.
WHM comes with a firewall called CSF.
CSF is in it's default configuration.
When enabled, it causes the problem described here.
It is neither an intranet or proxy; just a normal remote web server.
TCP on port 80 seems to be open both ways in CSF.
So what else am I supposed to configure in the CSF to allow 'update status' to work?
Thanks.
Comment #3
dwwI recommend looking at the status of the issue before you reply to it. If it says "duplicate" (like this one), then read the issue(s) that are pointed to instead of reading and replying here. ;)
Comment #4
-Anti- CreditAttribution: -Anti- commentedThanks, but the links and other related threads don't mention WHY the server firewall would block the script's connection, or HOW to allow the script through the server firewall. *This* is the most concise thread; it describes my problem exactly. This problem will also affect anyone using WHM with CSF firewall enabled in its default configuration.
The other threads are about intranets and proxies, which is not the issue at all. I've also searched many other threads, and cannot find an instance where the server firewall settings were identified as the problem. Actually, now that you've mentioned it, I don't think this issue is a duplicate or a bug report. So I've changed it to 'support request' and 'active'.
Looking at the emails I'm getting from CSF:
Network connections by the process (if any):
tcp: 213.175.xxx.xxx:54828 -> 140.211.166.6:80
Apparently the update status script uses a random port in the upper range.
This is why the connection is being blocked.
The CSF email also contains this information:
Executable: /usr/bin/php
Command Line (often faked in exploits): /usr/bin/php /home/[name]/public_html/index.php
Adding the following line to 'LFD process ignore' works:
cmd:php /home/[name]/public_html/index.php
Can anyone tell me how insecure that makes my installation, and if there is a more concise, specific way to allow the update status script through the firewall without simply allowing index.php to do whatever it wants?
Thanks.
Comment #5
Anonymous (not verified) CreditAttribution: Anonymous commentedHi
I am closing this issue due to old age. Feel free to reopen it.