[WordPress] Server issues including HTTP/1.1 302 error following Bitnami Stack migration about vms HOT 5 CLOSED

Hi,

We recently migrated to the new Bitnami Stack, and have unresolved issues since then.

Could you please let us know more information about this migration process?

• What were you using previously? Where was it deployed?
• Did you use the same domain/email to configure that deployment?
• Did you follow this guide to migrate the data? https://docs.bitnami.com/aws/how-to/migrate-wordpress/

One of the biggest issues was our url and email http://{ip_address} and @{ip_address} did not update to https://www.questcoffee.com.au/ and @questcoffee.com.au for all locations.

There is a plugin that modifies the WordPress’ configuration and replaces the required values. Please take a look at it

https://wordpress.org/plugins/better-search-replace/

We are unable to find all locations where this is still broken, but believe some of the issues are related to this.

Can you share an example? I just accessed your site and got redirected properly.

$ curl -LI questcoffee.com.au
HTTP/1.1 302 Found
Date: Mon, 19 Jul 2021 07:41:20 GMT
Server: Apache/2.4.48 (Unix) OpenSSL/1.1.1d
Location: https://questcoffee.com.au/
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 301 Moved Permanently
Date: Mon, 19 Jul 2021 07:41:21 GMT
Server: Apache/2.4.48 (Unix) OpenSSL/1.1.1d
Location: https://www.questcoffee.com.au/
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 200 OK
Date: Mon, 19 Jul 2021 07:41:22 GMT
Server: Apache/2.4.48 (Unix) OpenSSL/1.1.1d
X-Powered-By: PHP/7.4.21
Link: <https://www.questcoffee.com.au/wp-json/>; rel="https://api.w.org/", <https://www.questcoffee.com.au/wp-json/wp/v2/pages/734>; rel="alternate"; type="application/json", <https://www.questcoffee.com.au/>; rel=shortlink
Content-Type: text/html; charset=UTF-8

One of the most significant seems to be HTTP/1.1 302 error generated nearly every second by multiple ip address in our access logs.

A 302 error message means that it’s performing a redirection. Can you share an example of the line in the access_log file here?

I can see you have several IPs with many connections to your site

-----------------------------------
Check performance issues: Count number of requests for the 10 most active IP addresses in the last 100.000 requests
-----------------------------------
Running: tail -n 100000 access_log | awk '{print $1}' | sort | uniq -c | sort -nr | head -n 10 | awk '{print $1}'
In: /opt/bitnami/apache2/logs/

Output:

1519
1519
1519
1519
1517
1516
1516
1515
1510
1510

Please check if a bot/attacker is accessing your site

https://docs.bitnami.com/aws/apps/wordpress/troubleshooting/deny-connections-bots-apache/

from vms.

Hi,

thank you for your response.

What were you using previously? Where was it deployed?

we were using an older version of the Bitnami stack. 1.5 years old. It was deployed on an EC2 instance in AWS.

Did you use the same domain/email to configure that deployment?

yes and yes

Did you follow this guide to migrate the data?

yes

There is a plugin that modifies the WordPress’ configuration and replaces the required values. Please take a look at it
https://wordpress.org/plugins/better-search-replace/

^^ thank you. I went through each url instance that was pointing directly to the EC2, and migrated to the domain where appropriate. This solved some issues :slight_smile:

A 302 error message means that it’s performing a redirection. Can you share an example of the line in the access_log file here?

See below examples of logs:

15.177.62.38 - - [26/Jul/2021:06:07:09 +0000] “GET / HTTP/1.1” 302 215
15.177.62.38 - - [26/Jul/2021:06:07:39 +0000] “GET / HTTP/1.1” 302 215
15.177.62.38 - - [26/Jul/2021:06:08:09 +0000] “GET / HTTP/1.1” 302 215
15.177.62.38 - - [26/Jul/2021:06:08:39 +0000] “GET / HTTP/1.1” 302 215
15.177.62.38 - - [26/Jul/2021:06:09:09 +0000] “GET / HTTP/1.1” 302 215
15.177.62.38 - - [26/Jul/2021:06:09:39 +0000] “GET / HTTP/1.1” 302 215
15.177.62.38 - - [26/Jul/2021:06:10:09 +0000] “GET / HTTP/1.1” 302 215
15.177.62.38 - - [26/Jul/2021:06:10:39 +0000] “GET / HTTP/1.1” 302 215
15.177.62.38 - - [26/Jul/2021:06:11:09 +0000] “GET / HTTP/1.1” 302 215
15.177.62.38 - - [26/Jul/2021:06:11:39 +0000] “GET / HTTP/1.1” 302 215
15.177.62.38 - - [26/Jul/2021:06:12:09 +0000] “GET / HTTP/1.1” 302 215
15.177.62.38 - - [26/Jul/2021:06:12:39 +0000] “GET / HTTP/1.1” 302 215

I don’t believe these are attacks, but rather something wrong in the backend. These log files are also consuming memory and space. What might be the cause of this issue?

from vms.

Hi

^^ thank you. I went through each url instance that was pointing directly to the EC2, and migrated to the domain where appropriate. This solved some issues

Perfect! :slight_smile:

15.177.62.38 - - [26/Jul/2021:06:12:09 +0000] “GET / HTTP/1.1” 302 215
15.177.62.38 - - [26/Jul/2021:06:12:39 +0000] “GET / HTTP/1.1” 302 215

I don’t believe these are attacks, but rather something wrong in the backend. These log files are also consuming memory and space. What might be the cause of this issue?

As you can see here, those requests are triggered every 30 seconds and I can see that you have this job in the cron config file

# Added by Alex M on 15 July 2021 as per Bitnami instructions
*/5 * * * * su daemon -s /bin/sh -c "cd /opt/bitnami/wordpress; /opt/bitnami/php/bin/php -q wp-cron.php"

Can you confirm if “15.177.62.38” is your IP? Do you have any load balancer or CDN configured? Those redirections are probably caused because the job is using http instead of https

$ curl -LI DOMAIN.com.au
HTTP/1.1 302 Found
Date: Mon, 26 Jul 2021 09:04:21 GMT
Server: Apache/2.4.48 (Unix) OpenSSL/1.1.1d
Location: https://DOMAIN.com.au/
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 301 Moved Permanently
Date: Mon, 26 Jul 2021 09:04:22 GMT
Server: Apache/2.4.48 (Unix) OpenSSL/1.1.1d
Location: https://www.DOMAIN.com.au/
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 200 OK
Date: Mon, 26 Jul 2021 09:04:22 GMT
Server: Apache/2.4.48 (Unix) OpenSSL/1.1.1d
X-Powered-By: PHP/7.4.21
Link: <https://www.DOMAIN.com.au/wp-json/>; rel="https://api.w.org/", <https://www.DOMAIN.com.au/wp-json/wp/v2/pages/734>; rel="alternate"; type="application/json", <https://www.DOMAIN.com.au/>; rel=shortlink
Content-Type: text/html; charset=UTF-8

from vms.

Hi,

Can you confirm if “15.177.62.38” is your IP?

This is not my ip address. And is not the ip address of any instances we have.

Do you have any load balancer or CDN configured?

We have W3 Total Cache CDN configured using AWS Cloudfront.

What do you think are the next steps to diagnose and fix this?

from vms.

Hi,

I can see this IP belongs to AWS

https://www.whatismyip.com/ip-whois-lookup/

There must be a health check somewhere in your configuration that is performing those requests.

from vms.