Error 404 on episode list page after 3.7.0 to 3.7.1 update and still present in 3.7.2

I had and have an episodes page under https://brand-club.net/podcast/ and it was working parallel to an permalink structure different from the blog https://brand-club.net/podcast/%podcast%/ - so i was very happy with that. Since the update to 3.7.1. i only get an Error 404 Page on /podcast/ but single episodes triggered from within the admin panel using https://brand-club.net/podcast/%podcast%/ is still working.

I tried repair more than once, i tried enabling/disabling each feature separately and together, i save permalink structure in wordpress setting again, i cleared all caches, …

[Wed Feb 02 09:22:14.366564 2022] [proxy_fcgi:error] [pid 1702192:tid 139974829586176] [client 88.198.164.83:0] AH01071: Got error 'PHP message: PHP Warning:  Undefined array key "source" in /var/www/vhosts/brand-club.net/httpdocs/wp-content/plugins/podlove-web-player/includes/class-podlove-web-player-options.php on line 159'
[Wed Feb 02 09:22:14.550496 2022] [proxy_fcgi:error] [pid 1702192:tid 139974972262144] [client 88.198.164.83:0] AH01071: Got error 'PHP message: PHP Warning:  Undefined array key "source" in /var/www/vhosts/brand-club.net/httpdocs/wp-content/plugins/podlove-web-player/includes/class-podlove-web-player-options.php on line 159'
[Wed Feb 02 09:23:20.283351 2022] [:error] [pid 1559851:tid 139974972262144] [client 88.198.164.83:0] [client 88.198.164.83] ModSecurity: Access denied with code 403 (phase 2). Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/12_HTTP_Protocol.conf"] [line "82"] [id "210381"] [rev "6"] [msg "COMODO WAF: URL Encoding Abuse Attack Attempt||brand-club.net|F|4"] [data "REQUEST_URI=/podcast/%podcast%/"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "brand-club.net"] [uri "/podcast/%podcast%/"] [unique_id "Yfo-eF6qkPEYspkxVhJx8wAAAEM"]
[Wed Feb 02 09:24:49.784328 2022] [proxy_fcgi:error] [pid 1559850:tid 139974619932416] [client 35.187.63.239:0] AH01071: Got error 'PHP message: PHP Warning:  Undefined array key "source" in /var/www/vhosts/brand-club.net/httpdocs/wp-content/plugins/podlove-web-player/includes/class-podlove-web-player-options.php on line 159'
[Wed Feb 02 09:26:18.723802 2022] [proxy_fcgi:error] [pid 1702192:tid 139974896727808] [client 34.243.23.252:0] AH01071: Got error 'PHP message: PHP Warning:  Undefined array key "source" in /var/www/vhosts/brand-club.net/httpdocs/wp-content/plugins/podlove-web-player/includes/class-podlove-web-player-options.php on line 159'
[Wed Feb 02 09:26:29.552398 2022] [proxy_fcgi:error] [pid 1559850:tid 139974963869440] [client 195.192.106.155:0] AH01071: Got error 'PHP message: PHP Warning:  Undefined array key "source" in /var/www/vhosts/brand-club.net/httpdocs/wp-content/plugins/podlove-web-player/includes/class-podlove-web-player-options.php on line 159PHP message: PHP Warning:  Undefined array key "source" in /var/www/vhosts/brand-club.net/httpdocs/wp-content/plugins/podlove-web-player/includes/class-podlove-web-player-options.php on line 159'

So i can see that the WebApplicationFirewall (WAF) is doing here job, but i don’t understand why this happens since 3.7.1 while there were no changes to the hosting environment.

I also found this:

--8833fc43-A--
[02/Feb/2022:08:50:24 +0100] Yfo3wJmP6K9VDeqam3lccgAAAAs 77.68.16.200 58578 62.138.25.86 7081
--8833fc43-B--
GET ///wp-json/wp/v2/users/ HTTP/1.0
Host: www.brand-club.net
X-Real-IP: 77.68.16.200
X-Accel-Internal: /internal-nginx-static-location
Connection: close
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0
Referer: http://www.brand-club.net///wp-json/wp/v2/users/
Accept-Encoding: gzip

--8833fc43-F--
HTTP/1.1 403 Forbidden
Content-Length: 268
Connection: close
Content-Type: text/html; charset=iso-8859-1

--8833fc43-H--
Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.brand-club.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"]
Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 77.68.16.200] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.brand-club.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.brand-club.net"] [uri "/wp-json/wp/v2/users/"] [unique_id "Yfo3wJmP6K9VDeqam3lccgAAAAs"]
Action: Intercepted (phase 2)
Stopwatch: 1643788224201269 2271 (- - -)
Stopwatch2: 1643788224201269 2271; combined=921, p1=352, p2=495, p3=0, p4=0, p5=74, sr=80, sw=0, l=0, gc=0
Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); CWAF_Apache.
Server: Apache
Engine-Mode: "ENABLED"

--8833fc43-Z--

--df221d7a-A--
[02/Feb/2022:09:23:20 +0100] Yfo-eF6qkPEYspkxVhJx8wAAAEM 88.198.164.83 56240 62.138.25.86 7081
--df221d7a-B--
GET /podcast/%25podcast%25/ HTTP/1.0
Host: brand-club.net
X-Real-IP: 88.198.164.83
X-Accel-Internal: /internal-nginx-static-location
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Safari/605.1.15
Accept: */*
Accept-Language: *
Accept-Encoding: gzip

--df221d7a-F--
HTTP/1.1 403 Forbidden
Content-Length: 264
Connection: close
Content-Type: text/html; charset=iso-8859-1

--df221d7a-H--
Message: Access denied with code 403 (phase 2). Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/12_HTTP_Protocol.conf"] [line "82"] [id "210381"] [rev "6"] [msg "COMODO WAF: URL Encoding Abuse Attack Attempt||brand-club.net|F|4"] [data "REQUEST_URI=/podcast/%podcast%/"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"]
Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 88.198.164.83] ModSecurity: Access denied with code 403 (phase 2). Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/modsecurity.d/rules/comodo_free/12_HTTP_Protocol.conf"] [line "82"] [id "210381"] [rev "6"] [msg "COMODO WAF: URL Encoding Abuse Attack Attempt||brand-club.net|F|4"] [data "REQUEST_URI=/podcast/%podcast%/"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "brand-club.net"] [uri "/podcast/%podcast%/"] [unique_id "Yfo-eF6qkPEYspkxVhJx8wAAAEM"]
Action: Intercepted (phase 2)
Stopwatch: 1643790200281703 1893 (- - -)
Stopwatch2: 1643790200281703 1893; combined=688, p1=303, p2=318, p3=0, p4=0, p5=67, sr=60, sw=0, l=0, gc=0
Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/); CWAF_Apache.
Server: Apache
Engine-Mode: "ENABLED"

--df221d7a-Z--

To exempt the security-id’s 210381 and 225170 in the WAF is also not working.

PHP 8.0.15 dedicated FPM by nginx
memory_limit 512

Any ideas?

I also disabled the complete WAF on the whole server for all hosts, same result, Error 404 on episodes pages.

All that remains in the logfile is this:

[Wed Feb 02 10:07:13.195736 2022] [proxy_fcgi:error] [pid 1713039:tid 140133475006208] [client 195.192.106.155:0] AH01071: Got error 'PHP message: PHP Warning:  Undefined array key "source" in /var/www/vhosts/brand-club.net/httpdocs/wp-content/plugins/podlove-web-player/includes/class-podlove-web-player-options.php on line 159PHP message: PHP Warning:  Undefined array key "source" in /var/www/vhosts/brand-club.net/httpdocs/wp-content/plugins/podlove-web-player/includes/class-podlove-web-player-options.php on line 159', referer: https://brand-club.net/podcast/

Since WAF is disabled there are no further logs.

Fixed it. Blog permalink structure overrules podlove.

So i set individual permalink structutre in WP to /blog/

This moved /podcast/ to /blog/podcast/ but it didn’t show up in the podlove settings.

1 Like