PHP 8.3.6 IP Detection not working (no errors)

  • Resolved hockchas

    (@hockchas)


    2 years, 1 month ago

    I’ve searched the forum for similar situations and not found anything.

    I have a 6.5.2 WP install with Solid Security basic 9.3.2. I’m trying to overhaul all the systems I manage for various orgs and this site has used iThemes/Solid for a long time with zero issues until now. In going to RHEL 8 and PHP 8.3.6, Solid is exhibiting weird behaviors without anything I can find logged in the php-fpm log, Apache error or syslog or when I enable debugging in WP.

    The plugin installs, activates and all screens load; many of the features work (like alternate login page) but it will not detect an IP, so Site Scan doesn’t work and no configuration changes will save (I believe this has to do with REST API calls not working for some reason). At the same time, WP Statistics CAN detect the IP of my client, with no modification to the plugin — same host, same Apache config, same PHP version, it’s the same WP site so I don’t think this is really an OS or PHP issue (if one plugin with the same underlying platform can read the X-Forwarded-For, this one SHOULD be able to as well). This site is behind a DDoS mitigator so requests come in with an X-Forwarded-For header, but it’s been that way for years and Solid has worked fine. The only change has been a new OS and updated PHP. If I backrev to PHP 7.4.33, Solid again works.

    I have dropped the database, done a completely clean install, and tested on 8.1, 8.2 and 8.3 with the same results, IP checking doesn’t work for Solid WP, so I’m convinced it isn’t my database or any other plugin (I’ve removed all other plugins and started my fresh WP install with zero other plugins before installing Solid, so it’s not another plugin). On a fully fresh install of Solid, after I select the type of site and get asked to enable Security Check Pro, click Next, nothing happens, and I can’t find an error in any log for this, either. I’

    It feels very much to me like I’ve missed some critical Apache config flag, PHP setting (though my php.ini file is the same with 7.4.33 and 8.x) or some other simple, though apparently not obvious setting that is needful and I’m wearing a flat spot in my forehead hitting it against this wall. My clients are expecting me to get them updated to the most recent versions (or at least an n-1) and while I know 8.3 is still considered “beta” by WordPress at large, 8.1 is not, so I would have expected this to work under 8.1.

    Anyone fought this and won or have any ideas on how I might get a log to spit out an error I can act upon?

    TIA

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support chandelierrr

    (@shanedelierrr)

    2 years, 1 month ago

    Hi @hockchas, glad you reached out!

    I understand Solid Security is exhibiting some issues on your end when you updated your OS to RHEL 8 and PHP version to 8.3.6. I can see that you’ve already done quite a bit of troubleshooting and thanks for sharing them here!

    In order to rule out a conflict with PHP 8.3, I ran some tests using PHP 8.3 on my test sites using Apache and Litespeed servers. Here are some test demos of the Security Onboarding on a fresh install using PHP 8.3: Security Check Pro enabled | Security Check Pro disabled. As you can see in those videos, I am not getting the same behavior where nothing happens after clicking the “Next” button during the setup and both visitor and server IPs are detected fine.

    So, the next step to troubleshoot if there are no errors on the debug.log and server logs that came up, can you please add define( 'SCRIPT_DEBUG', true ); on the wp-config.php file and check the browser console if any errors are showing during Onboarding?

    The last major improvement we did that’s related to the IP Detection was on version 8.1.6 of the plugin. Can you also try on a test site to install a Solid Security version lower than that with your current environment configurations and let me know if it works? You can get older versions here under the “advanced options” sections.

    Finally, if you haven’t checked yet, please make sure that all these REST HTTP methods are enabled on the server: GET, POST, PUT, PATCH, DELETE, and OPTIONS. This might help us narrow down the issue a bit more.

    There could be something with the OS that’s conflicting with the plugin, but it’s quite hard for us to investigate more, as we don’t have a test environment using that same OS anywhere. Know that as soon as we can replicate this issue, we’ll surely work on resolving it. I’ll reach out to our team to see if we can get a hold of the same environment, but I can’t promise anything.

    In the meantime, please let me know of your findings on the recommendations above, most urgently if you have a way for us to replicate this in some other environment.

    Thanks again for all the details! 

    Thread Starter hockchas

    (@hockchas)

    2 years, 1 month ago

    Hi @shanedelierrr thanks for the quick reply. As part of one of those all-night “I can’t let this go until I get a breakthrough” sessions, I did do some more testing along the lines of what you suggest. But I saw a post somewhere suggesting to open the dev console of the browser when trying to use these features, and I discovered a problem I wasn’t expecting to cause something like this — there was an HTTPS mismatch happening with the way the DDoS provider was sending traffic and what was happening on the webserver. Once I got the web server ssl cert configuration aligned to the provider’s and modified a couple of rules at the proxy, things started working perfectly. I did have to manually select the IP detection to the X-Forwarded-For, which I’d never had to do before, but that’s no biggie.

    Thanks again, this looks resolved! I’m at the latest release for OS, PHP and all other components now, so mission accomplished.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘PHP 8.3.6 IP Detection not working (no errors)’ is closed to new replies.