Sudden 404 errors and you have to restart the lsws service to fix it

[MKT77-Italy]

Hi,
I'm experimenting a strange issue with an OpenLiteSpeed (1.6.13) installation on a Ubuntu 18.04 LTS.

On this machine i just have one single vhost (a Wordpress installation) and everything works normally except that sometimes, randomly OLS starts to returns 404 for all the requests and the only thing that works to restore the situation is a "service lsws restart".

I tried to check the logs, both for the webserver than for the website, but i can't find anything of useful to understand what is going there..
Had someone had the same issue and can help me to figure out this?

Thank you

 

[Cold-Egg]

Can you share the content of .htaccess? Also, do you know if there's any plugin may frequent write the .htaccess file?

 

[MKT77-Italy]

Hi Cold-Egg,

Basically the .htaccess is composed with the standard Wordpress htaccess rules for mod_rewrite + some LScache settings and there are no plugins that frequently change it.

Yesterday also tried to update from 1.6.13 to 1.6.15, but i would like to understand the real cause.

This is the content of .htaccess file:


# BEGIN LSCACHE
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
<IfModule LiteSpeed>
RewriteEngine on
CacheLookup on
RewriteRule .* - [E=Cache-Control:no-autoflush]

### marker MOBILE start ###
RewriteCond %{HTTP_USER_AGENT} Mobile|Android|Silk/|Kindle|BlackBerry|Opera\ Mini|Opera\ Mobi [NC]
RewriteRule .* - [E=Cache-Control:vary=ismobile]
### marker MOBILE end ###

### marker NOCACHE COOKIES start ###
RewriteCond %{HTTP_COOKIE} yith_wcwl_session_\*|yith_wcwl_products\*
RewriteRule .* - [E=Cache-Control:no-cache]
### marker NOCACHE COOKIES end ###

### marker CACHE RESOURCE start ###
RewriteRule wp-content/.*/[^/]*(responsive|css|js|dynamic|loader|fonts)\.php - [E=cache-control:max-age=3600]
### marker CACHE RESOURCE end ###

### marker LOGIN COOKIE start ###
RewriteRule .? - [E="Cache-Vary:wp-postpass_84d3e6abaa31c269ffa7eac7817d253b"]
### marker LOGIN COOKIE end ###

### marker FAVICON start ###
RewriteRule favicon\.ico$ - [E=cache-control:max-age=86400]
### marker FAVICON end ###

### marker DROPQS start ###
CacheKeyModify -qs:fbclid
CacheKeyModify -qs:gclid
CacheKeyModify -qs:utm*
CacheKeyModify -qs:_ga
### marker DROPQS end ###

</IfModule>
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
# END LSCACHE
# BEGIN NON_LSCACHE
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
### marker BROWSER CACHE start ###
<IfModule mod_expires.c>
ExpiresActive on
ExpiresByType application/pdf A2592000
ExpiresByType image/x-icon A2592000
ExpiresByType image/vnd.microsoft.icon A2592000
ExpiresByType image/svg+xml A2592000

ExpiresByType image/jpg A2592000
ExpiresByType image/jpeg A2592000
ExpiresByType image/png A2592000
ExpiresByType image/gif A2592000
ExpiresByType image/webp A2592000

ExpiresByType video/ogg A2592000
ExpiresByType audio/ogg A2592000
ExpiresByType video/mp4 A2592000
ExpiresByType video/webm A2592000

ExpiresByType text/css A2592000
ExpiresByType text/javascript A2592000
ExpiresByType application/javascript A2592000
ExpiresByType application/x-javascript A2592000

ExpiresByType application/x-font-ttf A2592000
ExpiresByType application/x-font-woff A2592000
ExpiresByType application/font-woff A2592000
ExpiresByType application/font-woff2 A2592000
ExpiresByType application/vnd.ms-fontobject A2592000
ExpiresByType font/ttf A2592000
ExpiresByType font/woff A2592000
ExpiresByType font/woff2 A2592000

</IfModule>
### marker BROWSER CACHE end ###

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

<IfModule mod_headers.c> Header set Connection keep-alive </IfModule>

Thank you

 

[Cold-Egg]

Hi,

Rules look fine to me.
Could you check the error log and see if it going through Rewrite rules when 404 issue happens? You might want to set a number like 9 in the rewrite log level. If you know the method to reproduce it, please submit a ticket with us.

 

[MKT77-Italy]

Morning,

Ok i will try to increase the level for the rewrite logs and check if there is something.

In the meanwhile..this night is happened again! and i had the time to do some more tests as the website during the night is not "in service", and i seen that the 404 error is returned also trying to do a GET in order to retrieve an image in the root folder or simple .html pages.

When this issue happens is like the vhost loses his configuration and can't find the files of the website, i'm getting crazy with this strange issue.

 

[Cold-Egg]

No solution in mind, better submit a ticket to support@litespeedtech.com. Please append the post link

 

[MKT77-Italy]

Ok i'm going to do it now, thanks.
I just found in the log more less at the time of the first "crash" this GET call

2a03:2880:31ff:70::face:b00c - - [26/Aug/2020:23:21:13 +0200] "GET /categoria-prodotto/profuma-bucato/data:text/javascript;base64,%20dmFyIF9zbWJhbm5lcnM9dHJ1ZTs= HTTP/1.1" 404 715"
GET /categoria-prodotto/profuma-bucato/data:text/javascript;base64,%20dmFyIHdjX2NvdW50cnlfc2VsZWN0X3BhcmFtcz17ImNvdW50cmllcyI6IntcIkJFXCI6W10sXCJGUlwiOltdLFwiREVcIjpbXSxcIkdSXCI6e1wiSVwiOlwiXFx1MDM5MVxcdTAzYzRcXHUwM2M0XFx1MDNiOVxcdTAzYmFcXHUwM2FlXCIsXCJBXCI6XCJcXHUwMzkxXFx1MDNiZFxcdTAzYjFcXHUwM2M0XFx1MDNiZlxcdTAzYmJcXHUwM2I5XFx1MDNiYVxcdTAzYWUgXFx1MDM5Y1xcdTAzYjFcXHUwM2JhXFx1MDNiNVxcdTAzYjRcXHUwM2JmXFx1MDNiZFxcdTAzYWZcXHUwM2IxIFxcdTAzYmFcXHUwM2IxXFx1MDNiOSBcXHUwMzk4XFx1MDNjMVxcdTAzYWNcXHUwM2JhXFx1MDNiN1wiLFwiQlwiOlwiXFx1MDM5YVxcdTAzYjVcXHUwM2JkXFx1MDNjNFxcdTAzYzFcXHUwM2I5XFx1MDNiYVxcdTAzYWUgXFx1MDM5Y1xcdTAzYjFcXHUwM2JhXFx1MDNiNVxcdTAzYjRcXHUwM2JmXFx1MDNiZFxcdTAzYWZcXHUwM2IxXCIsXCJDXCI6XCJcXHUwMzk0XFx1MDNjNVxcdTAzYzRcXHUwM2I5XFx1MDNiYVxcdTAzYWUgXFx1MDM5Y1xcdTAzYjFcXHUwM2JhXFx1MDNiNVxcdTAzYjRcXHUwM2JmXFx1MDNiZFxcdTAzYWZcXHUwM2IxXCIsXCJEXCI6XCJcXHUwMzg5XFx1MDNjMFxcdTAzYjVcXHUwM2I5XFx1MDNjMVxcdTAzYmZcXHUwM2MyXCIsXCJFXCI6XCJcXHUwMzk4XFx1MDNiNVxcdTAzYzNcXHUwM2MzXFx1MDNiMVxcdTAzYmJcXHUwM2FmXFx1MDNiMVwiLFwiRlwiOlwiXFx1MDM5OVxcdTAzY2NcXHUwM2JkXFx1MDNiOVxcdTAzYmZcXHUwM2I5IFxcdTAzOWRcXHUwM2FlXFx1MDNjM1xcdTAzYmZcXHUwM2I5XCIsXCJHXCI6XCJcXHUwMzk0XFx1MDNjNVxcdTAzYzRcXHUwM2I5XFx1MDNiYVxcdTAzYWUgXFx1MDM5NVxcdTAzYmJcXHUwM2JiXFx1MDNhY1xcdTAzYjRcXHUwM2IxXCIsXCJIXCI6XCJcXHUwM2EzXFx1MDNjNFxcdTAzYjVcXHUwM2MxXFx1MDNiNVxcdTAzYWMgXFx1MDM5NVxcdTAzYmJcXHUwM2JiXFx1MDNhY1xcdTAzYjRcXHUwM2IxXCIsXCJKXCI6XCJcXHUwM2EwXFx1MDNiNVxcdTAzYmJcXHUwM2JmXFx1MDNjMFxcdTAzY2NcXHUwM2JkXFx1MDNiZFxcdTAzYjdcXHUwM2MzXFx1MDNiZlxcdTAzYzJcIixcIktcIjpcIlxcdTAzOTJcXHUwM2NjXFx1MDNjMVxcdTAzYjVcXHUwM2I5XFx1MDNiZiBcXHUwMzkxXFx1MDNiOVxcdTAzYjNcXHUwM2IxXFx1MDNhZlxcdTAzYmZcIixcIkxcIjpcIlxcdTAzOWRcXHUwM2NjXFx1MDNjNFxcdTAzYjlcXHUwM2JmIFxcdTAzOTFcXHUwM2I5XFx1MDNiM1xcdTAzYjFcXHUwM2FmXFx1MDNiZlwiLFwiTVwiOlwiXFx1MDM5YVxcdTAzYzFcXHUwM2FlXFx1MDNjNFxcdTAzYjdcIn0sXCJJVFwiOntcIkFHXCI6XCJBZ3JpZ2VudG9cIixcIkFMXCI6XCJBbGVzc2FuZHJpYVwiLFwiQU5cIjpcIkFuY29uYVwiLFwiQU9cIjpcIkFvc3RhXCIsXCJBUlwiOlwiQXJlenpvXCIsXCJBUFwiOlwiQXNjb2xpIFBpY2Vub1wiLFwiQVRcIjpcIkFzdGlcIixcIkFWXCI6XCJBdmVsbGlub1wiLFwiQkFcIjpcIkJhcmlcIixcIkJUXCI6XCJCYXJsZXR0YS1BbmRyaWEtVHJhbmlcIixcIkJMXCI6XCJCZWxsdW5vXCIsXCJCTlwiOlwiQmVuZXZlbnRvXCIsXCJCR1wiOlwiQmVyZ2Ftb1wiLFwiQklcIjpcIkJpZWxsYVwiLFwiQk9cIjpcIkJvbG9nbmFcIixcIkJaXCI6XCJCb2x6YW5vXCIsXCJCU1wiOlwiQnJlc2NpYVwiLFwiQlJcIjpcIkJyaW5kaXNpXCIsXCJDQVwiOlwiQ2FnbGlhcmlcIixcIkNMXCI6XCJDYWx0YW5pc3NldHRhXCIsXCJDQlwiOlwiQ2FtcG9iYXNzb1wiLFwiQ0VcIjpcIkNhc2VydGFcIixcIkNUXCI6XCJDYXRhbmlhXCIsXCJDWlwiOlwiQ2F0YW56YXJvXCIsXCJDSFwiOlwiQ2hpZXRpXCIsXCJDT1wiOlwiQ29tb1wiLFwiQ1NcIjpcIkNvc2VuemFcIixcIkNSXCI6XCJDcmVtb25hXCIsXCJLUlwiOlwiQ3JvdG9uZVwiLFwiQ05cIjpcIkN1bmVvXCIsXCJFTlwiOlwiRW5uYVwiLFwiRk1cIjpcIkZlcm1vXCIsXCJGRVwiOlwiRmVycmFyYVwiLFwiRklcIjpcIkZpcmVuemVcIixcIkZHXCI6XCJGb2dnaWFcIixcIkZDXCI6XCJGb3JsXFx1MDBlYy1DZXNlbmFcIixcIkZSXCI6XCJGcm9zaW5vbmVcIixcIkdFXCI6XCJHZW5vdmFcIixcIkdPXCI6XCJHb3JpemlhXCIsXCJHUlwiOlwiR3Jvc3NldG9cIixcIklNXCI6XCJJbXBlcmlhXCIsXCJJU1wiOlwiSXNlcm5pYVwiLFwiU1BcIjpcIkxhIFNwZXppYVwiLFwiQVFcIjpcIkwnQXF1aWxhXCIsXCJMVFwiOlwiTGF0aW5hXCIsXCJMRVwiOlwiTGVjY2VcIixcIkxDXCI6XCJMZWNjb1wiLFwiTElcIjpcIkxpdm9ybm9cIixcIkxPXCI6XCJMb2RpXCIsXCJMVVwiOlwiTHVjY2FcIixcIk1DXCI6XCJNYWNlcmF0YVwiLFwiTU5cIjpcIk1hbnRvdmFcIixcIk1TXCI6XCJNYXNzYS1DYXJyYXJhXCIsXCJNVFwiOlwiTWF0ZXJhXCIsXCJNRVwiOlwiTWVzc2luYVwiLFwiTUlcIjpcIk1pbGFub1wiLFwiTU9cIjpcIk1vZGVuYVwiLFwiTUJcIjpcIk1vbnphIGUgZGVsbGEgQnJpYW56YVwiLFwiTkFcIjpcIk5hcG9saVwiLFwiTk9cIjpcIk5vdmFyYVwiLFwiTlVcIjpcIk51b3JvXCIsXCJPUlwiOlwiT3Jpc3Rhbm9cIixcIlBEXCI6XCJQYWRvdmFcIixcIlBBXCI6XCJQYWxlcm1vXCIsXCJQUlwiOlwiUGFybWFcIixcIlBWXCI6XCJQYXZpYVwiLFwiUEdcIjpcIlBlcnVnaWFcIixcIlBVXCI6XCJQZXNhcm8gZSBVcmJpbm9cIixcIlBFXCI6XCJQZXNjYXJhXCIsXCJQQ1wiOlwiUGlhY2VuemFcIixcIlBJXCI6XCJQaXNhXCIsXCJQVFwiOlwiUGlzdG9pYVwiLFwiUE5cIjpcIlBvcmRlbm9uZVwiLFwiUFpcIjpcIlBvdGVuemFcIixcIlBPXCI6XCJQcmF0b1wiLFwiUkdcIjpcIlJhZ3VzYVwiLFwiUkFcIjpcIlJhdmVubmFcIixcIlJDXCI6XCJSZWdnaW8gQ2FsYWJyaWFcIixcIlJFXCI6XCJSZWdnaW8gRW1pbGlhXCIsXCJSSVwiOlwiUmlldGlcIixcIlJOXCI6XCJSaW1pbmlcIixcIlJNXCI6XCJSb21hXCIsXCJST1wiOlwiUm92aWdvXCIsXCJTQVwiOlwiU2FsZXJub1wiLFwiU1NcIjpcIlNhc3NhcmlcIixcIlNWXCI6XCJTYXZvbmFcIixcIlNJXCI6XCJTaWVuYVwiLFwiU1JcIjpcIlNpcmFjdXNhXCIsXCJTT1wiOlwiU29uZHJpb1wiLFwiU1VcIjpcIlN1ZCBTYXJkZWduYVwiLFwiVEFcIjpcIlRhcmFudG9cIixcIlRFXCI6XCJUZXJhbW9cIixcIlRSXCI6XCJUZXJuaVwiLFwiVE9cIjpcIlRvcmlub1wiLFwiVFBcIjpcIlRyYXBhbmlcIixcIlROXCI6XCJUcmVudG9cIixcIlRWXCI6XCJUcmV2aXNvXCIsXCJUU1wiOlwiVHJpZXN0ZVwiLFwiVURcIjpcIlVkaW5lXCIsXCJWQVwiOlwiVmFyZXNlXCIsXCJWRVwiOlwiVmVuZXppYVwiLFwiVkJcIjpcIlZlcmJhbm8tQ3VzaW8tT3Nzb2xhXCIsXCJWQ1wiOlwiVmVyY2VsbGlcIixcIlZSXCI6XCJWZXJvbmFcIixcIlZWXCI6XCJWaWJvIFZhbGVudGlhXCIsXCJWSVwiOlwiVmljZW56YVwiLFwiVlRcIjpcIlZpdGVyYm9cIn0sXCJOTFwiOltdLFwiRVNcIjp7XCJDXCI6XCJMYSBDb3J1XHUwMGYxYVwiLFwiVklcIjpcIkFyYWJhXFxcL1x1MDBjMWxhdmFcIixcIkFCXCI6XCJBbGJhY2V0ZVwiLFwiQVwiOlwiQWxpY2FudGVcIixcIkFMXCI6XCJBbG1lclx1MDBlZGFcIixcIk9cIjpcIkFzdHVyaWVcIixcIkFWXCI6XCJcdTAwYzF2aWxhXCIsXCJCQVwiOlwiQmFkYWpvelwiLFwiUE1cIjpcIkJhbGVhcmlcIixcIkJcIjpcIkJhcmNlbGxvbmFcIixcIkJVXCI6XCJCdXJnb3NcIixcIkNDXCI6XCJDXHUwMGUxY2VyZXNcIixcIkNBXCI6XCJDYWRpY2VcIixcIlNcIjpcIkNhbnRhYnJpYVwiLFwiQ1NcIjpcIkNhc3RlbGxcdTAwZjNuXCIsXCJDRVwiOlwiQ2V1dGFcIixcIkNSXCI6XCJDaXVkYWQgUmVhbFwiLFwiQ09cIjpcIkNcdTAwZjNyZG9iYVwiLFwiQ1VcIjpcIkN1ZW5jYVwiLFwiR0lcIjpcIkdpcm9uYVwiLFwiR1JcIjpcIkdyYW5hZGFcIixcIkdVXCI6XCJHdWFkYWxhamFyYVwiLFwiU1NcIjpcIkdpcHV6a29hXCIsXCJIXCI6XCJIdWVsdmFcIixcIkhVXCI6XCJIdWVzY2FcIixcIkpcIjpcIkphXHUwMGU5blwiLFwiTE9cIjpcIkxhIFJpb2phXCIsXCJHQ1wiOlwiTGFzIFBhbG1hc1wiLFwiTEVcIjpcIkxlXHUwMGYzblwiLFwiTFwiOlwiTGxlaWRhXCIsXCJMVVwiOlwiTHVnb1wiLFwiTVwiOlwiTWFkcmlkXCIsXCJNQVwiOlwiTVx1MDBlMWxhZ2FcIixcIk1MXCI6XCJNZWxpbGxhXCIsXCJNVVwiOlwiTXVyY2lhXCIsXCJOQVwiOlwiTmF2YXJyYVwiLFwiT1JcIjpcIk91cmVuc2VcIixcIlBcIjpcIlBhbGVuY2lhXCIsXCJQT1wiOlwiUG9udGV2ZWRyYVwiLFwiU0FcIjpcIlNhbGFtYW5jYVwiLFwiVEZcIjpcIlNhbnRhIENydXogZGkgVGVuZXJpZmVcIixcIlNHXCI6XCJTZWdvdmlhXCIsXCJTRVwiOlwiU2l2aWdsaWFcIixcIlNPXCI6XCJTb3JpYVwiLFwiVFwiOlwiVGFycmFnb25hXCIsXCJURVwiOlwiVGVydWVsXCIsXCJUT1wiOlwiVG9sZWRvXCIsXCJWXCI6XCJWYWxlbmNpYVwiLFwiVkFcIjpcIlZhbGxhZG9saWRcIixcIkJJXCI6XCJCaXprYWlhXCIsXCJaQVwiOlwiWmFtb3JhXCIsXCJaXCI6XCJTYXJhZ296emFcIn19IiwiaTE4bl9zZWxlY3Rfc3RhdGVfdGV4dCI6IlNlbGV6aW9uYSB1bidvcHppb25lXHUyMDI2IiwiaTE4bl9ub19tYXRjaGVzIjoiTmVzc3VuIHJpc2NvbnRybyB0cm92YXRvIiwiaTE4bl9hamF4X2Vycm9yIjoiQ2FyaWNhbWVudG8gZmFsbGl0byIsImkxOG5faW5wdXRfdG9vX3Nob3J0XzEiOiJQZXIgZmF2b3JlIGluc2VyaXJlIDEgbyBwaVx1MDBmOSBjYXJhdHRlcmkiLCJpMThuX2lucHV0X3Rvb19zaG9ydF9uIjoiUGVyIGZhdm9yZSBpbnNlcmlyZSAlcXR5JSBvIHBpXHUwMGY5IGNhcmF0dGVyaSIsImkxOG5faW5wdXRfdG9vX2xvbmdfMSI6IlBlciBmYXZvcmUgY2FuY2VsbGEgMSBjYXJhdHRlcmUiLCJpMThuX2lucHV0X3Rvb19sb25nX24iOiJQZXIgZmF2b3JlIGNhbmNlbGxhICVxdHklIGNhcmF0dGVyaSIsImkxOG5fc2VsZWN0aW9uX3Rvb19sb25nXzEiOiJQdW9pIHNlbGV6aW9uYXJlIHNvbG8gMSBhcnRpY29sby4iLCJpMThuX3NlbGVjdGlvbl90b29fbG9uZ19uIjoiUHVvaSBzZWxlemlvbmFyZSBzb2xvICVxdHklIGFydGljb2xpIiwiaTE4bl9sb2FkX21vcmUiOiJDYXJpY2FtZW50byBhbHRyaSByaXN1bHRhdGlcdTIwMjYiLCJpMThuX3NlYXJjaGluZyI6IkNlcmNhbmRvXHUyMDI2In07 HTTP/1.1d3dy5zYWxlc21hbmFnby5wbC9zdGF0aWMvc20uanMnKTs= HTTP/1.1" 404 715"

and as you can see ols returns 404, this seems a try to send a payload in base64 or something like that, but i don't know if could be enough to crash the webserver or not.

Mistery..