Hello,
Opencart version 3.0.3.7
The issue also exists on another install of 3.0.3.8 on same VPS but I’m focused on using 3.0.3.7. While I work on this these installs are in /public_html/3037 or 3038
The issue is this.
From Admin when I go to System > Localisation > Geo Zones I have a geo zone in there that will consist of the lower 48 + DC here in the US for free shipping purposes so it will have 49 entries eventually I hope. If I click to edit the “lower 48” geo zone where I am trying to add a zone for each of the 48 states +1 the ones I have already entered will not load completely and I get a popup error after it does show me 4 entries for this geo zone. It only takes a few seconds for the popup error to show itself. The popup shows...
www.mydomain.com says
error
Not Found
Not Found
<!DOCTYPE html>
The rest of the text in the pop up appears to be HTML source from the home page of a live site running OC 1.5.6.4 that is in the root (public_html) of this same VPS I'm working on for all of this. It has nothing to do with this installation.
There are no errors generated in the log in Admin.
Latest web server error log messages show
[Tue Mar 28 23:08:38.453908 2023] [:error] [pid 760925:tid 47008912598784] [client 151.167.110.17:41664] client denied by server configuration: /home/user/public_html/3037/admin/index.php, referer: https://www.yourdomain.com/3037/admin/i ... _zone_id=5
And it just repeats from all my attempts to have a look. Also that client ip shown is made up but the actual ip that is in the message belongs to a CDN that I use even though I am not using the CDN on these test installs. I have it set to not cache the directories they are in and looking at the dashboard at my provider it isn't.
I have added 10 of the 48 states to this lower 48 geo zone and they appear to be in the oc_zone_to_geo_zone table but I can’t add to the Geo Zone in admin as I get the same pop up I described above every time I try to edit it. Just to be clear when I click to edit this geo zone the 10 entries I have already entered never appear on the screen. Maybe 4 at the most will show themselves to me and then the popup appears and all the rest of the entries are greyed out after I close the popup with my only option for the greyed out lines I can see is to delete.
If I use browser developer tools and have it on console when I click to edit the lower 48 geo zone I see.... and if I click the network tab of the developer tools I see.. Both screenshots are from the 3038 install but 3037 behaves exactly the same way.
Anyone have any idea what the problem is?
looks like a server rate limit provision.
When viewing a geo zone, it fires rapid ajax calls for each entry (twice) in that zone.
I would guess your server config detects this as a probe/scanner activity and after so many requests blocks you with a 404.
and better move this statement in admin/view/template/localisation/geo_zone_form.twig:
Code: Select all
$('select[name$=\'[country_id]\']:disabled:first').trigger('change');
from the success function to the complete function so it doesn't do the call twice for each line.
DISCLAIMER:
You should not modify core files .. if you would like to donate a cup of coffee I will write it in a modification for you.
https://www.youtube.com/watch?v=zXIxDoCRc84
Thanks for the reply.
I contacted my host who only suggested that I disable mod security which I did temporarily but no change. Not sure what else to try.
I did find another post from someone here from just over a year ago with same issue. viewtopic.php?t=222173 Looks like their solution was to switch servers which seems extreme.
Moving that line from success to complete did change the behavior slightly and by that I mean that a few more lines loaded before I got the error popup.
I think you meant that it needed to be done regardless so maybe I will come back to that later but for now I undid the moving.
I know this is a server issue as I have these running on xampp server locally and they work fine.
I'll keep trying things and stuff.
Yes, that move should be permanent.
It does a double request because the calls are async and on success the trigger for the next call is not yet adjusted to the next line so it does the same call for the same line again unnecessarily, doubling the total calls, you can see it in web developer tools.
Moving the next call to the complete function makes sure that the trigger is set correctly to the next line.
These calls are fired rapidly, depending on how fast the result comes back, in your case it comes back with a 404 error result after a certain amount of calls which then triggers the error function because the result returned is not json encoded but a php/server generated html error page (OC ajax error handling does not cater well for server generated error output) and it all stops.
Could be mod_security or mod_evasive or mod_qos or some other limiting measures your host has installed, and may not even be aware of.
I suppose if it is only affecting your ability to geo-zones, once that is done you can turn it back on.
No other page in default admin has this self-propelled ajax call construction to populate a list so it should only affect the geo-zones.
If you have a fixed ip you can whitelist it in these mods or tweak the parameter in mod_evasive:
Code: Select all
<IfModule mod_evasive.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
</IfModule>
default is more than one request for the same url within one second which is rather aggressive in today's internet environment. Besides, OC sites are rarely (D)DOS-ed, most OC sites DOS themselves (poor extensions, poor redirects) making mods like evasive more of an annoyance than a safeguard.
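The effect of the settings above on the geo zone form, as an added example that is not part of any post in this thread and is not mod_evasive's own code: a simplified per-URL hit counter replayed against the form's chained AJAX calls. It assumes the limiter keys on client and path only (so every call to admin/index.php counts as the same page), a constructed 150 ms gap between calls and a constructed client address.

```python
# Added example: simplified model of a per-URL hit limiter (not mod_evasive's source).
ADMIN_URI = "/3037/admin/index.php"   # path taken from the error log in the thread
CLIENT = "203.0.113.10"               # constructed client address (documentation range)


class PageLimiter:
    def __init__(self, page_count=2, page_interval=1, blocking_period=10):
        # Defaults mirror DOSPageCount, DOSPageInterval, DOSBlockingPeriod as posted.
        self.page_count = page_count
        self.interval_ms = page_interval * 1000
        self.block_ms = blocking_period * 1000
        self.hits = {}      # (client, uri) -> (window start in ms, hits in window)
        self.blocked = {}   # client -> time in ms of the last denied request

    def check(self, client, uri, t_ms):
        """Return True if the request is served, False if it is denied."""
        last = self.blocked.get(client)
        if last is not None and t_ms - last < self.block_ms:
            self.blocked[client] = t_ms   # assumption: retrying while blocked extends the block
            return False
        start, count = self.hits.get((client, uri), (t_ms, 0))
        if t_ms - start >= self.interval_ms:
            start, count = t_ms, 0        # interval elapsed, start a new window
        if count >= self.page_count:
            self.blocked[client] = t_ms   # more than page_count hits in the window: block
            return False
        self.hits[(client, uri)] = (start, count + 1)
        return True


def rows_loaded(rows, calls_per_row, gap_ms, limiter):
    """Replay the form's chained AJAX calls; return rows filled before the first denial."""
    t_ms = 0
    for row in range(rows):
        for _ in range(calls_per_row):
            if not limiter.check(CLIENT, ADMIN_URI, t_ms):
                return row
            t_ms += gap_ms
    return rows


if __name__ == "__main__":
    for label, calls in (("trigger in success (2 calls per row)", 2),
                         ("trigger in complete (1 call per row)", 1)):
        print(label, "->", rows_loaded(49, calls, 150, PageLimiter()), "of 49 rows")
    print("DOSPageCount 10 ->", rows_loaded(49, 2, 150, PageLimiter(page_count=10)), "of 49 rows")
```

In this model the posted values cut the chain off after one or two rows whichever callback holds the trigger, so halving the calls only delays the block. What lets all 49 rows load is a page count above the number of calls that fit into one interval, which depends on how fast the responses come back.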
Thanks mona,
Even though I didn't quite understand it (I'm no server admin unless it's via GUI) I did see that one could whitelist your IP if it was static. My host is pretty decent about helping me out with things like that though... but since I do not have a static IP I stopped reading about it.
I have a live 1.5.6.4 LIVE store on this same VPS and when I go have a look at the geo zones (just to see difference) it will show me the zones rather quickly. In the development directory I have this 3.0.3.7 install in it is as slow as molasses but it did allow me to set it up and save so I think I'm good now.