First page of my site can't load properly!
by n00b_noob from LinuxQuestions.org on (#5EX40)
Hello,
I'm using CentOS 8 x86_64 to host a WordPress website. When I browse my WordPress website, then its first page is messed up. I examined some log files as below:
Apache Error Log:
Code:# cat error_log
[Thu Mar 04 00:03:02.207454 2021] [mpm_event:notice] [pid 377:tid 131614613780800] AH00492: caught SIGWINCH, shutting down gracefully
[Thu Mar 04 00:03:03.573468 2021] [core:notice] [pid 1568:tid 136661237868864] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Thu Mar 04 00:03:03.576086 2021] [suexec:notice] [pid 1568:tid 136661237868864] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Mar 04 00:03:03.579390 2021] [:notice] [pid 1568:tid 136661237868864] ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/) configured.
[Thu Mar 04 00:03:03.579412 2021] [:notice] [pid 1568:tid 136661237868864] ModSecurity: APR compiled version="1.6.3"; loaded version="1.6.3"
[Thu Mar 04 00:03:03.579462 2021] [:notice] [pid 1568:tid 136661237868864] ModSecurity: PCRE compiled version="8.42 "; loaded version="8.42 2018-03-20"
[Thu Mar 04 00:03:03.579473 2021] [:notice] [pid 1568:tid 136661237868864] ModSecurity: LUA compiled version="Lua 5.3"
[Thu Mar 04 00:03:03.579478 2021] [:notice] [pid 1568:tid 136661237868864] ModSecurity: YAJL compiled version="2.1.0"
[Thu Mar 04 00:03:03.579484 2021] [:notice] [pid 1568:tid 136661237868864] ModSecurity: LIBXML compiled version="2.9.7"
[Thu Mar 04 00:03:03.579490 2021] [:notice] [pid 1568:tid 136661237868864] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
[Thu Mar 04 00:03:03.621565 2021] [so:warn] [pid 1568:tid 136661237868864] AH01574: module deflate_module is already loaded, skipping
AH00112: Warning: DocumentRoot [/dev/null/] does not exist
AH00112: Warning: DocumentRoot [/dev/null/] does not exist
[Thu Mar 04 00:03:03.652752 2021] [lbmethod_heartbeat:notice] [pid 1568:tid 136661237868864] AH02282: No slotmem from mod_heartmonitor
[Thu Mar 04 00:03:03.660086 2021] [mpm_event:notice] [pid 1568:tid 136661237868864] AH00489: Apache/2.4.37 (centos) OpenSSL/1.1.1g mod_fcgid/2.3.9 configured -- resuming normal operations
[Thu Mar 04 00:03:03.660121 2021] [core:notice] [pid 1568:tid 136661237868864] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'ModSecurity Audit Log:
Code:# cat modsec_audit.log
--41708864-A--
[04/Mar/2021:00:03:13 +0330] YD-yiemD31vcGVl69EkQNQAAAE4 1.2.3.4 1564 172.20.100.63 443
--41708864-B--
GET /wp-json/wp-statistics/v2/hit?_=1613657714&_wpnonce=2448783e18&wp_statistics_hit_rest=yes&browser=Chrome&platform=Linux&version=%D9%86%D8%A7%20%D9%85%D8%B9%D9%84%D9%88%D9%85&referred=https://mywebsite.com&ip=46.167.143.72&exclusion_match=no&exclusion_reason&ua=Mozilla/5.0%20(X11;%20Linux%20x86_64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/88.0.4324.152%20Safari/537.36&track_all=1×tamp=1613670314¤t_page_type=home¤t_page_id=1037&search_query&page_uri=/&user_id=0 HTTP/1.1
Host: mywebsite.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.192 Safari/537.36
Content-Type: application/json;charset=UTF-8
Accept: */*
Sec-GPC: 1
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mywebsite.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
--41708864-F--
HTTP/1.1 403 Forbidden
X-Robots-Tag: noindex
Link: <https://mywebsite.com/wp-json/>; rel="https://api.w.org/"
X-Content-Type-Options: nosniff
Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link
Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
Vary: Origin,Accept-Encoding
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Feature-Policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://mywebsite.com
Permissions-Policy: geolocation=();midi=();notifications=();push=();sync-xhr=();microphone=();camera=();magnetometer=();gyroscope=();speaker=(self);vibrate=();fullscreen=(self);payment=();
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Referrer-Policy: no-referrer-when-downgrade
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
--41708864-H--
Apache-Handler: proxy:unix:/run/php-fpm/www.sock|fcgi://localhost
Stopwatch: 1614803593280128 480765 (- - -)
Stopwatch2: 1614803593280128 480765; combined=12, p1=0, p2=0, p3=0, p4=0, p5=11, sr=0, sw=1, l=0, gc=0
Producer: ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/); OWASP_CRS/3.0.0.
Server: Apache
--41708864-Z--And my Virtual Host configuration:
Code:<VirtualHost *:80>
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
Header always set Permissions-Policy "geolocation=();midi=();notifications=();push=();sync-xhr=();microphone=();camera=();magnetometer=();gyroscope=();speaker=(self);vibrate=();fullscreen=(self);payment=();"
Header always set Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *;"
ServerAdmin root@localhost
ServerName www.mywebsite.com
ServerAlias www.mywebsite.com
DocumentRoot /var/www/wordpress
ErrorLog /var/log/httpd/wordpress_error.log
CustomLog /var/log/httpd/wordpress_access.log common
RewriteEngine on
RewriteCond %{SERVER_NAME} =mywebsite.com [OR]
RewriteCond %{SERVER_NAME} =www.mywebsite.com [OR]
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
Redirect permanent / https://www.mywebsite.com
TraceEnable off
ServerSignature Off
TimeOut 60
FileETag MTime
KeepAlive On
MaxKeepAliveRequests 100
UseCanonicalName Off
LimitInternalRecursion 5
LimitRequestFields 500
AcceptPathInfo Off
MaxRanges 100
KeepAliveTimeout 4
RequestReadTimeout header=20-600,MinRate=500 body=20,MinRate=500
</VirtualHost>
<Directory "/var/www/wordpress">
# Options -Indexes +FollowSymLinks
Options -Indexes
AllowOverride All
Require all granted
</Directory>When I browse my website, I see below errors in the browser console:
Attachment 35780
How can I find the root of the problem?
Thank you.
Attached Thumbnails
I'm using CentOS 8 x86_64 to host a WordPress website. When I browse my WordPress website, then its first page is messed up. I examined some log files as below:
Apache Error Log:
Code:# cat error_log
[Thu Mar 04 00:03:02.207454 2021] [mpm_event:notice] [pid 377:tid 131614613780800] AH00492: caught SIGWINCH, shutting down gracefully
[Thu Mar 04 00:03:03.573468 2021] [core:notice] [pid 1568:tid 136661237868864] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Thu Mar 04 00:03:03.576086 2021] [suexec:notice] [pid 1568:tid 136661237868864] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Mar 04 00:03:03.579390 2021] [:notice] [pid 1568:tid 136661237868864] ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/) configured.
[Thu Mar 04 00:03:03.579412 2021] [:notice] [pid 1568:tid 136661237868864] ModSecurity: APR compiled version="1.6.3"; loaded version="1.6.3"
[Thu Mar 04 00:03:03.579462 2021] [:notice] [pid 1568:tid 136661237868864] ModSecurity: PCRE compiled version="8.42 "; loaded version="8.42 2018-03-20"
[Thu Mar 04 00:03:03.579473 2021] [:notice] [pid 1568:tid 136661237868864] ModSecurity: LUA compiled version="Lua 5.3"
[Thu Mar 04 00:03:03.579478 2021] [:notice] [pid 1568:tid 136661237868864] ModSecurity: YAJL compiled version="2.1.0"
[Thu Mar 04 00:03:03.579484 2021] [:notice] [pid 1568:tid 136661237868864] ModSecurity: LIBXML compiled version="2.9.7"
[Thu Mar 04 00:03:03.579490 2021] [:notice] [pid 1568:tid 136661237868864] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
[Thu Mar 04 00:03:03.621565 2021] [so:warn] [pid 1568:tid 136661237868864] AH01574: module deflate_module is already loaded, skipping
AH00112: Warning: DocumentRoot [/dev/null/] does not exist
AH00112: Warning: DocumentRoot [/dev/null/] does not exist
[Thu Mar 04 00:03:03.652752 2021] [lbmethod_heartbeat:notice] [pid 1568:tid 136661237868864] AH02282: No slotmem from mod_heartmonitor
[Thu Mar 04 00:03:03.660086 2021] [mpm_event:notice] [pid 1568:tid 136661237868864] AH00489: Apache/2.4.37 (centos) OpenSSL/1.1.1g mod_fcgid/2.3.9 configured -- resuming normal operations
[Thu Mar 04 00:03:03.660121 2021] [core:notice] [pid 1568:tid 136661237868864] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'ModSecurity Audit Log:
Code:# cat modsec_audit.log
--41708864-A--
[04/Mar/2021:00:03:13 +0330] YD-yiemD31vcGVl69EkQNQAAAE4 1.2.3.4 1564 172.20.100.63 443
--41708864-B--
GET /wp-json/wp-statistics/v2/hit?_=1613657714&_wpnonce=2448783e18&wp_statistics_hit_rest=yes&browser=Chrome&platform=Linux&version=%D9%86%D8%A7%20%D9%85%D8%B9%D9%84%D9%88%D9%85&referred=https://mywebsite.com&ip=46.167.143.72&exclusion_match=no&exclusion_reason&ua=Mozilla/5.0%20(X11;%20Linux%20x86_64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/88.0.4324.152%20Safari/537.36&track_all=1×tamp=1613670314¤t_page_type=home¤t_page_id=1037&search_query&page_uri=/&user_id=0 HTTP/1.1
Host: mywebsite.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.192 Safari/537.36
Content-Type: application/json;charset=UTF-8
Accept: */*
Sec-GPC: 1
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://mywebsite.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
--41708864-F--
HTTP/1.1 403 Forbidden
X-Robots-Tag: noindex
Link: <https://mywebsite.com/wp-json/>; rel="https://api.w.org/"
X-Content-Type-Options: nosniff
Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link
Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
Vary: Origin,Accept-Encoding
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Feature-Policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://mywebsite.com
Permissions-Policy: geolocation=();midi=();notifications=();push=();sync-xhr=();microphone=();camera=();magnetometer=();gyroscope=();speaker=(self);vibrate=();fullscreen=(self);payment=();
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Referrer-Policy: no-referrer-when-downgrade
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
--41708864-H--
Apache-Handler: proxy:unix:/run/php-fpm/www.sock|fcgi://localhost
Stopwatch: 1614803593280128 480765 (- - -)
Stopwatch2: 1614803593280128 480765; combined=12, p1=0, p2=0, p3=0, p4=0, p5=11, sr=0, sw=1, l=0, gc=0
Producer: ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/); OWASP_CRS/3.0.0.
Server: Apache
--41708864-Z--And my Virtual Host configuration:
Code:<VirtualHost *:80>
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
Header always set Permissions-Policy "geolocation=();midi=();notifications=();push=();sync-xhr=();microphone=();camera=();magnetometer=();gyroscope=();speaker=(self);vibrate=();fullscreen=(self);payment=();"
Header always set Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *;"
ServerAdmin root@localhost
ServerName www.mywebsite.com
ServerAlias www.mywebsite.com
DocumentRoot /var/www/wordpress
ErrorLog /var/log/httpd/wordpress_error.log
CustomLog /var/log/httpd/wordpress_access.log common
RewriteEngine on
RewriteCond %{SERVER_NAME} =mywebsite.com [OR]
RewriteCond %{SERVER_NAME} =www.mywebsite.com [OR]
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
Redirect permanent / https://www.mywebsite.com
TraceEnable off
ServerSignature Off
TimeOut 60
FileETag MTime
KeepAlive On
MaxKeepAliveRequests 100
UseCanonicalName Off
LimitInternalRecursion 5
LimitRequestFields 500
AcceptPathInfo Off
MaxRanges 100
KeepAliveTimeout 4
RequestReadTimeout header=20-600,MinRate=500 body=20,MinRate=500
</VirtualHost>
<Directory "/var/www/wordpress">
# Options -Indexes +FollowSymLinks
Options -Indexes
AllowOverride All
Require all granted
</Directory>When I browse my website, I see below errors in the browser console:
Attachment 35780
How can I find the root of the problem?
Thank you.
Attached Thumbnails