Closed GoogleCodeExporter closed 9 years ago
Example:
/application/css.php?request=application/modules/Core/externals/styles/admin/main.css&c=7
Gets converted to:
http://www.domain.com/application/W.css.php,qrequest=application,_modules,_Core,_externals,_styles,_admin,_main.css,ac=7.pagespeed.cf.fjlGupuHGz.css
The first one works just fine.
The second one returns 403 Forbidden.
Original comment by sn...@darkbattlers.com
on 4 Dec 2012 at 10:40
Another example:
1. /application/css.php?request=application/themes/midnight/theme.css&c=7
Gets converted to:
2. http://www.domain.com/application/W.css.php,qrequest=application,_themes,_midnight,_theme.css,ac=7.pagespeed.cf.yEbgaHPSKe.css
I think the right one would be:
3. http://www.domain.com/W.application,,_css.php,,qrequest==application,,_themes,,_midnight,,_theme.css,,ac==7+externals,,_fancyupload,,_fancyupload.css,,qc==7,Mcc.EyOi1Q4C23.css.pagespeed.cf.VJ4wYOmbc0.css
1. Returns fine
2. 403 Forbidden
3. Returns fine and optimized
Original comment by sn...@darkbattlers.com
on 4 Dec 2012 at 10:47
This is indeed strange. Is there anything in your logs that might explain this?
It might help us to see your URL but if you don't want to share it you can just
mail it to me (jmarantz@google.com) and I won't reveal it in public forums.
Original comment by jmara...@google.com
on 5 Dec 2012 at 12:13
I have emailed you the same.
Original comment by sn...@darkbattlers.com
on 5 Dec 2012 at 1:28
I just updated pagespeed to 1.1.23.2-2191 using apt-get update && apt-get
upgrade and the issue still exists.
Original comment by sn...@darkbattlers.com
on 5 Dec 2012 at 1:30
OK I repro'd your problem. This fails with a 403:
wget --save-headers http://DOMAIN/application/W.css.php,qrequest=application,_themes,_midnight,_theme.css,ac=7.pagespeed.cf.yEbgaHPSKe.css
I manually decoded that URL, which is the result of 'rewrite_css', and tried
this:
wget --save-headers 'http://DOMAIN/application/css.php?request=application/themes/midnight/theme.css&c=7'
That passes. What's the difference in terms of Apache 403-handling? Not much
as far as I can tell. My best guess is that some apache conf file is
disallowing access to http://DOMAIN/application from outside your network, but
somehow, possibly via mod_rewrite, the PHP script is whitelisted through.
Is that plausible?
Original comment by jmara...@google.com
on 5 Dec 2012 at 2:11
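The manual decoding described in the comment above, turned into a helper that maps "client denied" error-log entries for rewritten resources back to the origin paths whose access rules need checking. This is an added example, not part of the original thread or of mod_pagespeed's code; the escape pairs, the `W.` prefix and the `cc`/`jc` combiner ids are inferred from the URLs quoted in this thread, and the function names are hypothetical.

```python
import re

# Escape pairs and filter ids inferred from the URLs quoted in this thread
# (an assumption; not copied from mod_pagespeed source).
ESCAPES = {"_": "/", "q": "?", "a": "&", "M": ".pagespeed.", ",": ","}
COMBINERS = {"cc", "jc"}  # leaf holds several inputs joined with "+"
RESOURCE = re.compile(r"^(?P<dir>.*/)(?P<leaf>[^/]+)\.pagespeed\."
                      r"(?P<filter>[a-z]{2})\.(?P<hash>[^./]+)\.(?P<ext>\w+)$")
DENIED = re.compile(r"client denied by server configuration: uri\s+"
                    r"(?P<uri>\S+?)(?:, referer:|$)")

def unescape(leaf):
    # Single pass, so ",,_" becomes ",_" (one nesting level removed), not "/".
    return re.sub(r",(.)", lambda m: ESCAPES.get(m.group(1), m.group(0)), leaf)

def origin_paths(path):
    """Return the origin path(s) behind a rewritten resource path."""
    m = RESOURCE.match(path)
    if not m:
        return [path]  # not a rewritten resource: already an origin path
    leaf = m["leaf"]
    if m["filter"] == "cf" and leaf.startswith("W."):
        leaf = leaf[2:]
    parts = leaf.split("+") if m["filter"] in COMBINERS else [leaf]
    found = []
    for part in parts:
        # Recurse: an unescaped part may itself be a rewritten resource.
        found.extend(origin_paths(m["dir"] + unescape(part)))
    return found

def denied_rewrites(log_lines):
    """Map each denied rewritten URI in an Apache error log to its origins."""
    report = {}
    for line in log_lines:
        m = DENIED.search(line)
        if m and RESOURCE.match(m["uri"]):
            report[m["uri"]] = origin_paths(m["uri"])
    return report

# Constructed sample: URIs taken from this thread, each joined onto one line.
SAMPLE_LOG = [
    "[Thu Dec 06 12:49:34 2012] [error] [client 66.102.14.16] client denied by "
    "server configuration: uri /media/system/css/W.modal.css.pagespeed.cf."
    "n4Iy-tN7Sj.css, referer: http://www.altiuzreports.com/",
    "client denied by server configuration: uri /application/W.css.php,qrequest="
    "application,_themes,_midnight,_theme.css,ac=7.pagespeed.cf.yEbgaHPSKe.css",
]
```

If the origin path returns 200 while the rewritten path returns 403, the denial is tied to the rewritten URL form rather than to the file itself.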
One more point, I can load your site and it gets rewritten by mod_pagespeed
(except for CSS) and loads fine by browsing to:
http://DOMAIN/?ModPagespeedFilters=-rewrite_css,-extend_cache_css
That says 'load your site, but turn off the rewrite_css and extend_cache_css
filters leaving all other filters configured as they are in your .conf file'
Original comment by jmara...@google.com
on 5 Dec 2012 at 6:39
I could give you server access if you wanna check the server out. I checked
.htaccess and stuff and could find nothing.
Plus I would like to mention this again, we have been running the same setup
forever but this problem just started recently without any changes at all
except for applying recommended updates by ubuntu.
Original comment by sn...@darkbattlers.com
on 5 Dec 2012 at 6:43
I have disabled rewrite_css and extend_cache_css as you recommended and it
seems to work perfectly now.
Original comment by sn...@darkbattlers.com
on 5 Dec 2012 at 7:03
That is not necessarily the best workaround as optimizing CSS files has a fair
amount of benefit. I think the problem lies probably not in .htaccess files
but in some other .conf file that Apache is loading.
Original comment by jmara...@google.com
on 5 Dec 2012 at 7:10
I have looked around the best I can. I got nothing at all.
Original comment by sn...@darkbattlers.com
on 5 Dec 2012 at 7:58
This problem also occurs on http://www.altiuzreports.com/ -- a Joomla site,
and is worked around with a similar disable directive.
[Thu Dec 06 12:49:34 2012] [error] [client 66.102.14.16] client denied by
server configuration: uri
/media/system/css/W.modal.css.pagespeed.cf.n4Iy-tN7Sj.css, referer:
http://www.altiuzreports.com/
[Thu Dec 06 12:49:34 2012] [error] [client 66.102.14.16] client denied by
server configuration: uri
/templates/gk_music_free/css/W.k2.css.pagespeed.cf.CAwb_G0DGG.css, referer:
http://www.altiuzreports.com/
[Thu Dec 06 12:49:34 2012] [error] [client 66.102.14.16] client denied by
server configuration: uri
/templates/gk_music_free/css/system/W.system.css.pagespeed.cf.-6JzBKRCca.css,
referer: http://www.altiuzreports.com/
[Thu Dec 06 12:49:34 2012] [error] [client 66.102.14.16] client denied by
server configuration: uri
/templates/gk_music_free/css/W.template.css.pagespeed.cf.KMzAU3E_vw.css,
referer: http://www.altiuzreports.com/
[Thu Dec 06 12:49:34 2012] [error] [client 66.102.14.16] client denied by
server configuration: uri
/templates/gk_music_free/css/W.menu,,_menu.css+gk.stuff.css+style1.css+typograph
y,,_typography.style1.css+typography,,_typography.iconset.style1.css,Mcc.7uFo2kL
m78.css.pagespeed.cf.WUAqmH3wHd.css, referer: http://www.altiuzreports.com/
[Thu Dec 06 12:49:34 2012] [error] [client 66.102.14.16] client denied by
server configuration: uri
/templates/gk_music_free/css/W.joomla.css.pagespeed.cf.91Tuzm8f88.css, referer:
http://www.altiuzreports.com/
[Thu Dec 06 12:49:35 2012] [error] [client 66.102.14.16] client denied by
server configuration: uri
/modules/mod_pwebcontact/css/general/W.modal-static.css.pagespeed.cf.sE_aH60lyT.
css, referer: http://www.altiuzreports.com/
[Thu Dec 06 12:49:35 2012] [error] [client 66.102.14.16] client denied by
server configuration: uri
/W.modules,,_mod_news_pro_gk4,,_interface,,_css,,_style.css+media,,_mod_language
s,,_css,,_template.css,Mcc.aoUArEshID.css.pagespeed.cf.5eiUdy5dmX.css, referer:
http://www.altiuzreports.com/
[Thu Dec 06 12:49:35 2012] [error] [client 66.102.14.16] client denied by
server configuration: uri
/modules/mod_pwebcontact/css/modal/W.blue.css.pagespeed.cf.ThOd3KEkI-.css,
referer: http://www.altiuzreports.com/
[Thu Dec 06 12:49:35 2012] [error] [client 66.102.14.16] client denied by
server configuration: uri
/media,_system,_js,_mootools-core.js,Mjm.icm_DCUluU.js+media,_system,_js,_core.j
s,Mjm.AESYeh_Qiv.js+media,_system,_js,_modal.js,Mjm.UjILsGpGmy.js+media,_k2,_ass
ets,_js,_k2.noconflict.js,Mjm.MK0q4iT8Mf.js+components,_com_k2,_js,_k2.js,Mjm.25
g2o7ZNG3.js+media,_system,_js,_caption.js,Mjm.N0DmbmP4fF.js+media,_system,_js,_m
ootools-more.js,Mjm.SMODr-WPPp.js+templates,_gk_music_free,_js,_gk.scripts.js,Mj
m.1c5Za4-I6o.js+templates,_gk_music_free,_js,_gk.menu.js,Mjm.fP4LZhZD6N.js+templ
ates,_gk_music_free,_js,_moo.masonry.js,Mjm.tx9VIy3Aqn.js+media,_system,_js,_val
idate.js,Mjm.70rhqASwDx.js+modules,_mod_pwebcontact,_js,_mootools.pwebcontact.js
,Mjm.hlHEI1yQNI.js+modules,_mod_news_pro_gk4,_interface,_scripts,_engine.js,Mjm.
hNv-F7rKL3.js.pagespeed.jc.Kvg4NkbrMV.js, referer: http://www.altiuzreports.com/
[Thu Dec 06 12:49:35 2012] [error] [client 66.102.14.16] client denied by
server configuration: uri
/templates/gk_music_free/images/logo.png.pagespeed.ce.mbYA5XENbi.png, referer:
http://www.altiuzreports.com/
[Thu Dec 06 12:49:35 2012] [error] [client 66.102.14.16] client denied by
server configuration: uri /images/xaltiuz.png.pagespeed.ic.8BaCsglGLo.png,
referer: http://www.altiuzreports.com/
[Thu Dec 06 12:49:35 2012] [error] [client 66.102.14.16] client denied by
server configuration: uri
/templates/gk_music_free/css/W.tablet.css.pagespeed.cf.JjmW0gK3Q-.css, referer:
http://www.altiuzreports.com/
[Thu Dec 06 12:49:36 2012] [error] [client 66.102.14.16] client denied by
server configuration: uri
/templates/gk_music_free/css/W.mobile.css.pagespeed.cf.Lq4CWSwtmD.css, referer:
http://www.altiuzreports.com/
[Thu Dec 06 12:49:36 2012] [error] [client 66.102.14.16] client denied by
server configuration: uri
/templates/gk_music_free/css/system/W.print.css.pagespeed.cf.I29YUSeJym.css,
referer: http://www.altiuzreports.com/
[Thu Dec 06 12:54:09 2012] [error] (113)No route to host: proxy: HTTP: attempt
to connect to 192.168.0.51:8080 (192.168.0.51) failed
[Thu Dec 06 12:54:09 2012] [error] ap_proxy_connect_backend disabling worker
for (192.168.0.51)
[Thu Dec 06 12:56:49 2012] [error] [client 192.168.0.1] client denied by server
configuration: uri
/templates/gk_music_free/css/menu,_menu.css+gk.stuff.css+style1.css+typography,_
typography.style1.css+typography,_typography.iconset.style1.css.pagespeed.cc.7uF
o2kLm78.css, referer: http://www.altiuzreports.com/es/
[Thu Dec 06 12:56:49 2012] [error] [client 192.168.0.1] client denied by server
configuration: uri
/media,_system,_js,_mootools-core.js,Mjm.icm_DCUluU.js+media,_system,_js,_core.j
s,Mjm.AESYeh_Qiv.js+media,_system,_js,_modal.js,Mjm.UjILsGpGmy.js+media,_k2,_ass
ets,_js,_k2.noconflict.js,Mjm.MK0q4iT8Mf.js+components,_com_k2,_js,_k2.js,Mjm.25
g2o7ZNG3.js+media,_system,_js,_caption.js,Mjm.N0DmbmP4fF.js+media,_system,_js,_m
ootools-more.js,Mjm.SMODr-WPPp.js+templates,_gk_music_free,_js,_gk.scripts.js,Mj
m.1c5Za4-I6o.js+templates,_gk_music_free,_js,_gk.menu.js,Mjm.fP4LZhZD6N.js+templ
ates,_gk_music_free,_js,_moo.masonry.js,Mjm.tx9VIy3Aqn.js+media,_system,_js,_val
idate.js,Mjm.70rhqASwDx.js+modules,_mod_pwebcontact,_js,_mootools.pwebcontact.js
,Mjm.hlHEI1yQNI.js+modules,_mod_news_pro_gk4,_interface,_scripts,_engine.js,Mjm.
hNv-F7rKL3.js.pagespeed.jc.Kvg4NkbrMV.js, referer:
http://www.altiuzreports.com/es/
[Thu Dec 06 12:56:49 2012] [error] [client 192.168.0.1] client denied by server
configuration: uri
/templates/gk_music_free/css/W.mobile.css.pagespeed.cf.Lq4CWSwtmD.css, referer:
http://www.altiuzreports.com/es/
[Thu
Original comment by jmara...@google.com
on 6 Dec 2012 at 4:21
Gonzalo, could you do some tests for me please?
1. Stop your reverse proxy Apache, edit its httpd.conf, change LogLevel to
debug, then restart it.
2. Do wget -O /dev/null http://www.altiuz.com/media/system/css/W.modal.css.pagespeed.cf.n4Iy-tN7Sj.css
You should get a 403 error.
3. Email/post the log entries for that request. You should see the same ones as
above (client denied) but I want to see if there are any messages from
mod_pagespeed.
Thanks! m.
Original comment by matterb...@google.com
on 6 Dec 2012 at 8:46
Correction: It should be www.altiuzreports.com of course.
Also, what domain related directives do you have in pagespeed.conf?
Perhaps you are mapping altiuzreports.com to altiuz.com in there?
Original comment by matterb...@google.com
on 6 Dec 2012 at 8:58
No domain-specific directives at all (just default ones) in pagespeed.conf.
Will test tomorrow as I'm leaving the office right now.
Gonzalo Vásquez Sáez
Research and Development (R&D) Manager
Altiuz Soluciones Tecnológicas de Negocios Ltda.
Av. Nueva Tajamar 555 Of. 802, Las Condes - CP 7550099
+56 2 335 2461
gvasquez@altiuz.cl
http://www.altiuz.cl
http://www.altiuzreports.com
Original comment by gvasq...@altiuz.cl
on 6 Dec 2012 at 9:40
gvasquez: can you check for and send us the authorization blocks you have in
*.conf? We are looking for a pattern we can use to reproduce the issue on our
own servers.
Original comment by jmara...@google.com
on 7 Dec 2012 at 6:10
gvasquez: never mind; I see you emailed them already. Pasting them here.
We have three different sites working on our servers:
altiuz.com
altiuz.cl
altiuzreports.com
On the "outside" box, we are directly running altiuz.com under Apache which has
mod_pagespeed enabled, this apache also has two virtualhosts enabled for the
other two domains, which are being served by other separate Debian Apache
servers, via ReverseProxy setup, which also have mod_pagespeed enabled.
Relevant sections of the CentOS apache cfg file:
NameVirtualHost *:80
<VirtualHost *:80>
    DocumentRoot /var/www/altiuz
    ServerName altiuz.cl
    ServerAlias www.altiuz.cl
    ProxyPass / http://192.168.0.17/
    ProxyPassReverse / http://192.168.0.17
    ProxyHTMLURLMap http://192.168.0.17 /
    #GZIP compression
    SetOutputFilter INFLATE;proxy-html;DEFLATE
    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot /var/www/areports
    ServerName altiuzreports.com
    ServerAlias www.altiuzreports.com
    ProxyPass / http://192.168.0.18/
    ProxyPassReverse / http://192.168.0.18
    ProxyHTMLURLMap http://192.168.0.18 /
    ProxyHTMLEnable On
    SetOutputFilter INFLATE;proxy-html;DEFLATE
    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript
</VirtualHost>
Original comment by jmara...@google.com
on 7 Dec 2012 at 6:12
Just updated via apt-get on a debian box to the latest mod_pagespeed and this
problem showed up, I had to disable css filter and extended_cache_css. We use
no proxy at all.
client denied by server configuration: uri /application/W.css.php,qrequest=application,_modules,_Hecore,_externals,_styles,_imagezoom,_core.css,ac=494.pagespeed.cf.ysPO7tuQMt.css
Any news on how to fix this?
Original comment by l...@burning.it
on 29 Dec 2012 at 2:17
Follow-up issue: with the same update, the service aliases also broke.
When trying to access /mod_pagespeed_console or statistics:
Request exceeded the limit of 10 internal redirects due to probable
configuration error. Use 'LimitInternalRecursion' to increase the limit if
necessary. Use 'LogLevel debug' to get a backtrace.
mod_pagespeed 1.1.23.2-2258 @20053 (received from stable repository)
Original comment by l...@burning.it
on 29 Dec 2012 at 2:45
Fixed in r2358. If either of you can build from source and test I'd be
grateful, otherwise wait until the next release.
Original comment by matterb...@google.com
on 4 Jan 2013 at 2:25
Just installed the update to the latest stable: 1.2.24.1-2581. This problem
persists.
The service aliases now report a generic Internal server error, while CSS
rewriting causes the aforementioned 403 forbidden access.
2 stable releases ago it worked without a problem.
Original comment by l...@burning.it
on 16 Mar 2013 at 12:17
This bug fix has not made it to Stable yet. It is in the latest Beta.
Original comment by jmara...@google.com
on 16 Mar 2013 at 1:42
Confirmed this fixed the 403 issue for us. Thanks. Do you know when it will
make it into the stable?
Original comment by joelnew...@gmail.com
on 22 Mar 2013 at 3:22
Original comment by sligocki@google.com
on 24 Jun 2013 at 2:14
Original issue reported on code.google.com by
sn...@darkbattlers.com
on 4 Dec 2012 at 10:31