Plugin Author
AITpro
(@aitpro)
When I enter this mod_security testing parameter: /…/…/ after your domain URI|URL I see this standard mod_security error message below.
Not Acceptable!
An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security.
A common known issue with mod_security is that it may be configured to override BPS Security logging. Contact your host and ask them to temporarily disable mod_security to confirm that that is why BPS is unable to log anything. You can then either choose to allow mod_security to log all errors or turn off mod_security so that BPS can log security errors.
Plugin Author
AITpro
(@aitpro)
Is the issue/problem still occurring or is it resolved?
Thread Start Date: 12-25-2015
Current Date: 12-27-2015
Would you check these two sites please. The first one the log is not updating and the second is updating.
http://www.successfulflyfishing.com/
http://www.kindlexposed.com/
I have contacted my webhost about the issue you found.
Would a reinstall of BPS help this issue at all?
Could a plugin conflict cause it?
The original post is my main site. The last two are addons. Some of the addons update and some do not.
Could an update to the latest php cause this issue?
Plugin Author
AITpro
(@aitpro)
I checked both sites and I see the same mod_security issue using this standard mod_security testing parameter on the end of the URI|URL: /…/…/. mod_security is installed on your server so this is a server configuration issue and is not related to BPS in any way. Things change so check with your host to see what has changed on your hosting server. Typically mod_security will override BPS Security Logging.
What is strange out of my 8 WP sites about half update and the other half don’t. It would seem if mod security is present as a server configuration, that it would affect all my sites the same.
Plugin Author
AITpro
(@aitpro)
You should look at your server logs for clues. If it was an issue with some new code in BPS in the last BPS version release then I would think the same problem would be occurring on all of your sites and not some of them. So basically you need to do things like look at what is different on sites where everything is working vs sites where logging is not working. Since you have multiple sites then maybe there is some sort of a hierarchy problem with a parent htaccess file. See this forum topic for more info on that possibility: http://forum.ait-pro.com/forums/topic/htaccess-files-for-multiple-website-domains/
This is what my webhost did
Thanks for contacting our ticket support system. I have gone ahead and added the rules to the domain fly-fishing-colorado.com:
Rule ID Message URI Count
340008 Bogus Path denied /…/…/ 1
900167 MJ12Bot Crawler /robots.txt 3
Those should now be whitelisted for your account. Let me know if you need us to remove them from mod_security.
I have no clue what this really means or whether it will help the situation.
Plugin Author
AITpro
(@aitpro)
Yeah not really sure either if that is just taking care of a symptom/minor outward issue/problem or dealing with whatever the root issue is. Logically it seems more like an extraneous/other band-aid kind of thing. Is the original Security Logging problem still occurring?
Back in Nov, my host changed to a newer version of php which is in beta. Without my permission, they updated all my wordpress sites. The handler script they are using is a beta version and I believe that it is causing problems with the logging function in BPS. I think the handler script may be bypassing the logging in BPS and shoveling the handling over to mod_security. I have contacted the support about this and will let them handle it. Will keep you updated as we go.
Happy New Year to you.
Plugin Author
AITpro
(@aitpro)
Ok good info. We have tested BPS with PHP5.x to PHP7.x and did not find any general issues/problems/etc. Ok so have your host look at your server’s default php.ini file and check with them to see if you can create your own custom php.ini file and then custom tailor it for the WP platform. Unfortunately, assisting you with creating a custom php.ini file or making php.ini directive setting changes are outside the scope of support we can offer. 😉
Side Bonus Note: What is remarkable is how incredibly fast PHP7.x handles p-processing now.
While my host support is working on checking out the issues I just sent them, would you check this process please. I have noted that the sites that are not updating are ones in which I deleted the security log from the log control panel.
I wonder if there is a glitch in restarting the logging after a log is deleted.
Thanks
Plugin Author
AITpro
(@aitpro)
There were some old known issues/bugs with Security Logging code a while back, but I am 99.99% sure those issues/bugs are all taken care of at this point in .53.x, but will of course have someone double check the Security Logging code tomorrow just to be sure there are no bugs.
Great appreciate it.
Is there any harm in running the setup wizard again to see if that will fix the logging issue?
I ran the setup wizard again on fly-fishing-colorado to see if that will reset the logging function.
I am wondering if when the delete log file button is used, a switch is set in the db to turn off logging even though the security log panel says it is on. Or maybe in a transient.
Ok finally have a php ini that is for php that matches my cPanel selection and the correct statement for handlers in the htaccess.
Getting sub 1 second loads from Dallas on pingdom and about 1 second in other server tests. If the php 5x that is being used is that much slower than 7x, 7x must really smoke.
Now to see if this fixes logging
