|
spaetverkehr
|
July 26, 2018 at 5:50 am
When I try to log in to the EE4 App I get an error message:
The server was acting as a gateway or proxy and received an invalid response from the upstream server.
I haven’t really found a solution that worked in the support forums, so I hope you can help me here.
|
|
Josh
|
July 26, 2018 at 8:07 am
Hi,
The documentation has a solution for that error message:
https://eventespresso.com/wiki/ee4-event-apps/#apache-fcgi
|
|
spaetverkehr
|
July 26, 2018 at 9:37 am
I’ve tried that solution but it doesn’t solve my problem. Is there a difference with https?
|
|
Josh
|
July 26, 2018 at 10:03 am
No difference. Can you outline exactly what you’ve tried so we’re not telling you to try things you’ve already tried?
|
|
spaetverkehr
|
July 26, 2018 at 10:11 am
I’ve tried what you’ve told me and this:
We are able to fix your site. The problem was the server wasn’t allowing the Authorization header to pass with the request. There’s an .htaccess file in the root level directory of your server that had this line of code:
RewriteRule ^index\.php$ - [L]
we changed that line of code to this:
RewriteRule ^index\.php$ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
and the app will log in correctly now.
So at the moment both of those fixes are active in my htaccess file. I also tried typing the url at app login with http, https and without.
|
|
spaetverkehr
|
July 26, 2018 at 10:12 am
This is what my .htaccess looks like.
# Begin Custom htaccess
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
# End Custom htaccess
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# Wordfence WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
# END Wordfence WAF
|
|
Josh
|
July 26, 2018 at 10:17 am
The second “fix” you list is no longer recommended, so that part can be changed back.
You could also try temporarily removing the WordFence rules to see if there’s a conflict.
Also, a few users have reported that installing the Application Passwords plugin resolved their issues. You can download the Application Passwords plugin from wordpress.org:
https://wordpress.org/plugins/application-passwords/
|
|
spaetverkehr
|
July 26, 2018 at 10:24 am
I’ve tried all three, but I still get the error message…
|
|
Josh
|
July 26, 2018 at 10:31 am
May I ask what’s the URL that you’re inputting into the Website URL field of the app?
|
|
spaetverkehr
|
July 26, 2018 at 10:32 am
spaetverkehr.de
|
|
Josh
|
July 26, 2018 at 10:35 am
If you temporarily deactivate all other plugins (besides Event Espresso) and temporarily switch to the default WordPress theme, do you still get the error from the app?
|
|
spaetverkehr
|
July 26, 2018 at 10:41 am
yup.
|
|
Josh
|
July 26, 2018 at 11:06 am
That narrows things down to a server configuration issue where the server isn’t allowing the Authorization headers to be passed. Usually the .htaccess edit will do the trick, but not always.
We know that the REST API on your site can send a valid response if it’s a request that doesn’t require authorization, e.g.
https://spaetverkehr.de/wp-json/ee/v4.8.36/events/
and
https://spaetverkehr.de/wp-json/ee/v4.8.36/site_info
Can you contact your host and ask them if they can allow the HTTP_AUTHORIZATION header?
|
|
spaetverkehr
|
July 28, 2018 at 2:31 am
They told me edit my htaccess and add:
RewriteEngine On
RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization},last]
So now it looks like this (I removed all other RewriteRules):
# Begin Custom htaccess
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
# End Custom htaccess
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization},last]
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
</IfModule>
# END WordPress
# Wordfence WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
# END Wordfence WAF
But I still get the error. I’m all out of ideas…
|
|
spaetverkehr
|
July 28, 2018 at 2:51 am
Okay, I found something interesting. The Application Passwords plugin was giving me this error message:
Due to a potential server misconfiguration, it seems that HTTP Basic Authorization may not work for the REST API on this site: “Authorization” headers are not being sent to WordPress by the web server. You can learn more about this problem, and a possible solution, on our GitHub Wiki.
So I did as recommended on the Wiki and added
RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization}]
But as long as RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization},last] was part of htaccess, I would still get the above message. Removing this line of code got rid of the error message and even the REMOTE_USER line wasn’t necessary anymore.
I don’t know if this is of any help (no combination of RewriteRules has solved the original problem), but it feels like something is definitely wrong here :D.
|
|
Josh
|
July 28, 2018 at 1:09 pm
You should go with the .htaccess access rule suggested by the host. If the Authorization header still isn’t getting passed with their suggested .htaccess rule alone they should be able to investigate further.
Here’s how to make sure the site is using the host’s suggested .htaccess alone:
1) Deactivate the WordFence plugin
2) Navigate to the WP Dashboard’s Settings > Permalinks page, and leave that tab open
3) Take a backup and remove everything from the site’s .htaccess file
4) Add the host’s suggested .htaccess rule to the .htaccess file, and save the file
5) Click the Update button on the Settings > permalinks page
6) Reload the .htaccess file from your FTP client and verify that the custom .htaccess rule did not get overwritten when WordPress added its rewrite rules
7) Try the app
|
|
spaetverkehr
|
August 2, 2018 at 1:43 pm
Thanks for your continued support! I tried your 7 steps – no change. The RewriteRule definitely does not get overwritten though.
My host is asking what requirements the plugin has for their server (very open question, I know). What should I tell them?
|
|
Josh
|
August 2, 2018 at 2:31 pm
Specific to the issue at hand, the app requires the server allowing the Authorization header to be passed. You can point them to this Github issue where an engineer from WPEngine (another web host) left some follow up:
https://github.com/WP-API/WP-API/issues/2512
|
|
Josh
|
August 2, 2018 at 2:35 pm
Here’s an additional troubleshooting tip from a related issue on Github:
https://github.com/WP-API/Basic-Auth/issues/35#issuecomment-403703396
|
