fmgoodman, posted March 5, 2019

I'm brand new here and tried to search but couldn't find an answer to my problem.

Specs: OpenBSD 6.4 / Apache 2.4 / PHP 7.2 (PHP-FPM) / MariaDB 10.0

Went through the install and everything went well (eventually); once I fixed any server problems I re-did a clean install. Everything is up and happy except... I can't login to the admin site.

When I click on the admin login link in the footer, I put in my credentials and get:

ProcessWire: ProcessLogin: This request was aborted because it appears to be forged.

I'm guessing this is some kind of permission error but don't know where to look.

OpenBSD runs Apache in a chroot jail (/var/www), so all files need to be below that directory for Apache to have access to them.

These are from phpinfo:

session.save_path /var/www/lib/php/session
session.cookie_path /var/www/lib/cookie

Any help would be greatly appreciated. Let me know if there is more info I can provide.

Thanks,
Frank.

rick, posted March 6, 2019

Hello Frank, and welcome to the forum.

I'm going to assume that both those session paths are writable. Are other session settings set correctly, e.g., referer_check, etc.? Is your /site/config.php readable? Is Apache running as the correct user?

Other more knowledgeable people will chime in as they get here, so don't fret. Glad to have you on board.

fmgoodman (Author), posted March 6, 2019

Thanks Rick,

Yes, the whole site is readable by Apache as it's under /var/www. Apache is running as www.www, which matches the permissions. Apache also has mod_session enabled and I've tried this with Chrome and Firefox with the same result.

Based on the error it seems to be something to do with my session/cookie setup, I think, but not sure what needs a tweak to get past this. Can't do much with PW if I can't login as admin.

I've turned on debug in config and got this back trace:

DEBUG MODE BACKTRACE ($config->debug == true):
#0 /sites/myndtyme/htdocs/wire/modules/Inputfield/InputfieldForm.module(154): ProcessWire\SessionCSRF->validate()
#1 /sites/myndtyme/htdocs/wire/core/Wire.php(383): ProcessWire\InputfieldForm->___processInput(Object(ProcessWire\WireInputData))
#2 /sites/myndtyme/htdocs/wire/core/WireHooks.php(729): ProcessWire\Wire->_callMethod('___processInput', Array)
#3 /sites/myndtyme/htdocs/wire/core/Wire.php(442): ProcessWire\WireHooks->runHooks(Object(ProcessWire\InputfieldForm), 'processInput', Array)
#4 /sites/myndtyme/htdocs/wire/modules/Process/ProcessLogin/ProcessLogin.module(217): ProcessWire\Wire->__call('processInput', Array)
#5 /sites/myndtyme/htdocs/wire/core/Wire.php(380): ProcessWire\ProcessLogin->___execute()
#6 /sites/myndtyme/htdocs/wire/core/WireHooks.php(729): ProcessWire\Wire->_callMethod('___execute', Array)
#7 /sites/myndtyme/htdocs/wire/core/Wire.php(442): ProcessWire\WireHooks->runHooks(Object(ProcessWire\ProcessLogin), 'execute', Array)
#8 /sites/myndtyme/htdocs/wire/core/ProcessController.php(333): ProcessWire\Wire->__call('execute', Array)
#9 /sites/myndtyme/htdocs/wire/core/Wire.php(380): ProcessWire\ProcessController->___execute()
#10 /sites/myndtyme/htdocs/wire/core/WireHooks.php(729): ProcessWire\Wire->_callMethod('___execute', Array)
#11 /sites/myndtyme/htdocs/wire/core/Wire.php(442): ProcessWire\WireHooks->runHooks(Object(ProcessWire\ProcessController), 'execute', Array)
#12 /sites/myndtyme/htdocs/wire/core/admin.php(135): ProcessWire\Wire->__call('execute', Array)
#13 /sites/myndtyme/htdocs/wire/modules/AdminTheme/AdminThemeUikit/controller.php(15): require('/sites/myndtyme...')
#14 /sites/myndtyme/htdocs/site/templates/admin.php(15): require('/sites/myndtyme...')
#15 /sites/myndtyme/htdocs/wire/core/TemplateFile.php(287): require('/sites/myndtyme...')
#16 /sites/myndtyme/htdocs/wire/core/Wire.php(380): ProcessWire\TemplateFile->___render()
#17 /sites/myndtyme/htdocs/wire/core/WireHooks.php(729): ProcessWire\Wire->_callMethod('___render', Array)
#18 /sites/myndtyme/htdocs/wire/core/Wire.php(442): ProcessWire\WireHooks->runHooks(Object(ProcessWire\TemplateFile), 'render', Array)
#19 /sites/myndtyme/htdocs/wire/modules/PageRender.module(514): ProcessWire\Wire->__call('render', Array)
#20 /sites/myndtyme/htdocs/wire/core/Wire.php(383): ProcessWire\PageRender->___renderPage(Object(ProcessWire\HookEvent))
#21 /sites/myndtyme/htdocs/wire/core/WireHooks.php(729): ProcessWire\Wire->_callMethod('___renderPage', Array)
#22 /sites/myndtyme/htdocs/wire/core/Wire.php(442): ProcessWire\WireHooks->runHooks(Object(ProcessWire\PageRender), 'renderPage', Array)
#23 /sites/myndtyme/htdocs/wire/core/WireHooks.php(828): ProcessWire\Wire->__call('renderPage', Array)
#24 /sites/myndtyme/htdocs/wire/core/Wire.php(442): ProcessWire\WireHooks->runHooks(Object(ProcessWire\Page), 'render', Array)
#25 /sites/myndtyme/htdocs/wire/modules/Process/ProcessPageView.module(209): ProcessWire\Wire->__call('render', Array)
#26 /sites/myndtyme/htdocs/wire/core/Wire.php(383): ProcessWire\ProcessPageView->___execute(true)
#27 /sites/myndtyme/htdocs/wire/core/WireHooks.php(729): ProcessWire\Wire->_callMethod('___execute', Array)
#28 /sites/myndtyme/htdocs/wire/core/Wire.php(442): ProcessWire\WireHooks->runHooks(Object(ProcessWire\ProcessPageView), 'execute', Array)
#29 /sites/myndtyme/htdocs/index.php(55): ProcessWire\Wire->__call('execute', Array)
#30 {main}

Robin S, posted March 6, 2019

@fmgoodman, you could experiment with different values for $config->sessionFingerprint (add the line to /site/config.php) to try and track down the issue. See the $config docs and the code comments for Session::getFingerprint().

fmgoodman (Author), posted March 6, 2019

Well, I tweaked through all the different values of fingerprint, including disabling them, and none of them fixed the issue, but thanks for the suggestions!

F.

flydev, posted March 6, 2019

Hi @fmgoodman

Please post the Apache and the PHP error logs.

Also, what is the ownership of /var/www/lib/php/session|cookie ?

You can also try to troubleshoot by changing the session.save_path and session.cookie_path of your php.ini file from /var/www/lib/php/session|cookie to /tmp

If you can't get it working, I offer you a ninja session on your server ?

horst, posted March 6, 2019

2 hours ago, flydev said:
> If you can't get it working, I offer you a ninja session on your server ?

OT: I'm really missing that ninja-emoji from the old invision forum.

flydev, posted March 6, 2019

OT #2: me too!

> Ninja
> Ninja is a candidate for inclusion in Unicode 13.0 scheduled for release in 2020 and was added to draft Emoji 13.0 in 2019.

fmgoodman (Author), posted March 6, 2019

Flydev,

> Please post the Apache and the PHP error logs.

I deleted the logs and restarted, php log is empty, apache log

> Also, what is the ownership of /var/www/lib/php/session|cookie ?

I changed the path to remove the php so it's not /var/www/lib/session|cookie

www.www own these directories (same as apache ownership)

> You can also try to troubleshoot by changing the session.save_path and session.cookie_path of your php.ini file from /var/www/lib/php/session|cookie to /tmp

Tried this to no avail.

I also inspected the cookie in Chrome and it listed the path as /var/www/lib/cookie (which is now correct since I removed the php piece from the config). There is nothing on disk that I can find though.

fmgoodman (Author), posted March 6, 2019

1 hour ago, fmgoodman said:
> Flydev,
>
> > Please post the Apache and the PHP error logs.
>
> I deleted the logs and restarted, php log is empty, apache log is also empty
>
> > Also, what is the ownership of /var/www/lib/php/session|cookie ?
>
> I changed the path to remove the php so it's now /var/www/lib/session|cookie
>
> www.www own these directories (same as apache ownership)
>
> > You can also try to troubleshoot by changing the session.save_path and session.cookie_path of your php.ini file from /var/www/lib/php/session|cookie to /tmp
>
> Tried this to no avail.
>
> I also inspected the cookie in Chrome and it listed the path as /var/www/lib/cookie (which is now correct since I removed the php piece from the config). There is nothing on disk that I can find though.

Edited my typos in quote (see ___).

Not sure where to go from here. If it helps, I have these lines:

mod_session and mod_session_cookie are loaded.

I have the following directives in my vhost files:

Session On
SessionEnv On
SessionCookieName session domain=myndtyme.com

flydev, posted March 6, 2019 (edited)

1 hour ago, fmgoodman said:
> If it helps I have these lines:
>
> mod_session and mod_session_cookie are loaded.

Just a question: did you try to unload those modules from Apache and to run a new ProcessWire installation with a basic configuration, to be sure that you can access the backend and login? It will also confirm that the server config is ok.

If you are sure that your apache/php(fpm) configuration is green, then try what @Robin S already said: first try to track down the issue with $config->sessionFingerprint

Edit your /wwwroot/site/config.php, add/modify the two following config vars by referring to the PHP comments below and come back to us with your results.

/**
 * Use session challenge?
 *
 * Should login sessions have a challenge key? (for extra security, recommended)
 *
 * @var bool
 *
 */
$config->sessionChallenge = true; // try without here (set to false)

/**
 * Use session fingerprint?
 *
 * Should login sessions be tied to IP and user agent?
 * IP fingerprinting may be problematic on dynamic IPs.
 * Below are the possible values:
 *
 * 0 or false: Fingerprint off
 * 1 or true: Fingerprint on with default/recommended setting (currently 10).
 * 2: Fingerprint only the remote IP
 * 4: Fingerprint only the forwarded/client IP (can be spoofed)
 * 8: Fingerprint only the useragent
 * 10: Fingerprint the remote IP and useragent (default)
 * 12: Fingerprint the forwarded/client IP and useragent
 * 14: Fingerprint the remote IP, forwarded/client IP and useragent (all).
 *
 * If using fingerprint in an environment where the user’s
 * IP address may change during the session, you should
 * fingerprint only the useragent, or disable fingerprinting.
 *
 * If using fingerprint with an AWS load balancer, you should
 * use one of the options that uses the “client IP” rather than
 * the “remote IP”, fingerprint only the useragent, or disable
 * fingerprinting.
 *
 * @var int
 *
 */
$config->sessionFingerprint = 1; // try with different value here

Edit: @fmgoodman Could you also adjust this directive from

SessionCookieName session domain=myndtyme.com

to

SessionCookieName session path=/;domain=myndtyme.com;

Edited March 6, 2019 by flydev (directive)

fmgoodman (Author), posted March 6, 2019

I changed the SessionCookieName per your instructions.
I've turned sessionChallenge to false.
I've cycled through the fingerprint setting.

None of these have made a difference.

I'll try reinstalling a basic site with mod_session and mod_session_cookie not loaded and see if that makes a difference.

fmgoodman (Author), posted March 6, 2019

Ok, just reinstalled with the "apache session mods" disabled in the server. Installation went fine. Site comes up. Can't login, same error:

ProcessWire: ProcessLogin: This request was aborted because it appears to be forged.

Something is still wrong with the setup. Was there some other meaning to:

1 hour ago, flydev said:
> unload those modules from apache and to run a new ProcessWire installation with a basic configuration to be sure that you can access the backend and login and will also confirm that the server config is ok

I'm at a loss, something is not set up right, not sure what.

Macrura, posted March 7, 2019

I've seen mod_sec trigger a request was aborted on servers with overzealous settings. Sometimes the server contains a log of which rule triggered the condition.

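A session-persistence check for the symptom discussed in this thread, as an added example that is not part of any post above and is not ProcessWire code: a session-backed CSRF check such as the SessionCSRF->validate() call in the backtrace can only pass if the session survives from the form load to the POST. PHP's session.cookie_path is the URL path scope written into the session cookie, not a filesystem location, so the script tests that as well as the save path; the function name sessionConfigProblems and the /processwire/ login URL in the sample case are assumptions.

```php
<?php
// Added diagnostic, not ProcessWire code. Serve it under a temporary name and
// load it twice in one browser, or run it with the php CLI for the sample case.

// List settings that stop the browser returning the session cookie or stop PHP
// storing the session. $cookie has the shape of session_get_cookie_params().
function sessionConfigProblems(array $cookie, string $savePath, string $requestUri, bool $https): array
{
    $problems = [];
    // session.cookie_path is a URL path scope, not a directory on disk.
    $cookiePath  = $cookie['path'] === '' ? '/' : $cookie['path'];
    $requestPath = parse_url($requestUri, PHP_URL_PATH) ?: '/';
    $covered = $requestPath === $cookiePath
        || strpos($requestPath, rtrim($cookiePath, '/') . '/') === 0;
    if (!$covered) {
        $problems[] = "cookie path '$cookiePath' does not cover request path '$requestPath'";
    }
    if ($cookie['secure'] && !$https) {
        $problems[] = 'cookie is marked Secure but this request is plain HTTP';
    }
    // save_path may carry an "N;" or "N;MODE;" prefix; the directory is the last field.
    $parts = explode(';', $savePath);
    $dir   = end($parts);
    if ($dir !== '' && (!is_dir($dir) || !is_writable($dir))) {
        $problems[] = "session.save_path '$dir' is not a writable directory for this PHP process";
    }
    return $problems;
}

if (PHP_SAPI === 'cli') {
    // Constructed input: the cookie path reported in the thread, an assumed login URL.
    $sample = ['path' => '/var/www/lib/cookie', 'secure' => false];
    print_r(sessionConfigProblems($sample, '', '/processwire/', false));
    exit(0);
}

session_start();
$_SESSION['hits'] = ($_SESSION['hits'] ?? 0) + 1; // must grow on every reload

header('Content-Type: text/plain');
echo 'session id : ', session_id(), "\n";
echo 'hits       : ', $_SESSION['hits'], " (stuck at 1 means the session is not persisting)\n";
echo 'cookie sent: ', isset($_COOKIE[session_name()]) ? 'yes' : 'no', "\n";

$https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
foreach (sessionConfigProblems(session_get_cookie_params(), session_save_path(),
        $_SERVER['REQUEST_URI'] ?? '/', $https) as $problem) {
    echo "PROBLEM    : $problem\n";
}
```

When served through the chrooted PHP-FPM pool, the writability check reflects what that PHP process can see, which is the view that matters for session storage.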