CSF Allow Causes site to NOT load under very specific conditions

Post Reply
greenot
Junior Member
Posts: 5
Joined: 20 Jan 2022, 14:56

CSF Allow Causes site to NOT load under very specific conditions

Post by greenot »

Its not every day I find something this perplexing, so I thought I would toss this out there to the hive mind and see if anyone can guess what might be going on here.

Server is a Centos 7, fully updated server, high end specs, bare metal, latest Release version of cPanel. Running Litespeed.

This is so weird.

So, this url:

https://www.annamaria.com/vacation-rent ... archform=1

For any of you in the forum would load perfectly normally across all browsers. However, if your IP was in the csf.allow, or in the global allow file, and you try to load is using Chrome (and chrome only) then the results portion hangs.

If you disable csf (csf -x) it STILL hangs. If you flush IPTABLES after disabling csf, it STILL hangs. If you remove the IP from csf.allow and/or the global allow list, and restart csf/lfd, then the site loads fine.

We can't test it with Apache because the end users htaccess files are full of errors and on apache the sites just throw a 500 error on apache. And while we could clean up this site's for the purpose of testing there are 500 other domains on here with the same kind of htaccess errors so testing under just apache is not feasible.

We can also eliminate modsecurity as we tried disabling it completely to no avail.

It is beyond anything I have seen before that the csf.allow file would play any role whatsoever when csf is off, much less an allowed ip PREVENTING the loading of a page.


What I see is that when I am loading with chrome, the logs show about 70 image requests like

24.249.121.57 - - [20/Jan/2022:08:22:43 -0500] "GET /unitimages/sm-51a964ff-c206-4fcc-9277-1f0ec8424f15.jpg HTTP/1.1" 200 24309 "https://www.annamaria.com/vacation-...i ... archform=1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/96.0"

Which I have to assume are the listing images. after that the logs stop and then a minute or two later it will load the favicon and then be done, but the browser as you know just shows the spinning icon. None of the images show up, even though they were given a 200 result code as seen above.

In firefox, the image load list is of course much longer, because that page has 228 listings in it. And once the images are done being sent, there are more wp logs executed that do not happen when visiting with chrome.

There is no errors being generated in either the domlog or the apache error log.
Post Reply