Hi, first time poster and new to OLS but hoping someone might have some insight into this issue.
Server: VULTR VPS on UBUNTU20.04+11, managed via RunCloud using their OpenLiteSpeed stack
Software stack: PHP 7.4, WordPress 5.8.1, custom vanilla PHP theme
Plugin of note: iThemes Security
Issue:
In my theme, I am using file_get_contents to pull in the contents of the site logo SVG uploaded to the admin. This is then inlined (so it can be styled differently via CSS if required) and calcs are run on the logo to set the width based on the desired height of the header.
On NGINX this works perfectly. On migrating the site to a new server running OLS however, the backend call to file_get_contents gets a 403 response each time.
Strangely, if I disable the iThemes Security plugin file_get_contents works with no 403, however on all of my sites running on NGINX servers (over 30) this exact thing works with the exact same code and security plugin.
Workaround that worked:
By using curl and setting headers, I was able to resolve these SVG URLs and run all my functions:
PHP:
$url = $header_logo['url'];
// Browser-like User-Agent string sent with the request
$agent = 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)';
$ch = curl_init();
// Turns off TLS certificate verification for this request
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_VERBOSE, true);
// Return the response body from curl_exec() instead of printing it
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERAGENT, $agent);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_REFERER, $_SERVER['REQUEST_URI']);
$header_logo_code = curl_exec($ch);
curl_close($ch);
Obviously this is 11 lines of code to replace 1, so I'd like to get to the bottom of allowing file_get_contents to work!
Theory:
My theory is that these requests from the server to files on the same server are somehow flagged by LiteSpeed in a way that makes iThemes Security reject them.
If anyone out there in the LS world has any thoughts, would love your input, keen to use this server tech a lot more because it's so fast!
Thanks friends.
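Added example, not part of the original post and not the poster's code: because the logo is a file uploaded to the same server, it can be read from disk with no HTTP request at all, so nothing passes through the web server or the security plugin and no certificate check has to be switched off. The function names, the example.test URL and the temporary demo directory are assumptions made for illustration, as is the premise that $header_logo['url'] points into the WordPress uploads folder.

```php
<?php
// Added example: map an uploads URL to its file on disk and read it locally,
// refusing anything that resolves outside the uploads directory.

function uploads_url_to_path(string $url, string $baseUrl, string $baseDir): ?string
{
    // Drop query/fragment and the scheme so http/https differences don't matter.
    $norm = fn(string $u): string => preg_replace(['/[?#].*$/s', '#^https?:#i'], '', $u);
    $url  = $norm($url);
    $base = rtrim($norm($baseUrl), '/') . '/';
    if (strncmp($url, $base, strlen($base)) !== 0) {
        return null;                       // not a URL under this site's uploads
    }
    $root = realpath($baseDir);
    $path = realpath($baseDir . '/' . rawurldecode(substr($url, strlen($base))));
    // realpath() resolves ../ and symlinks; the result must stay inside uploads.
    if ($root === false || $path === false
        || strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return strtolower(pathinfo($path, PATHINFO_EXTENSION)) === 'svg' ? $path : null;
}

function read_uploaded_svg(string $url, string $baseUrl, string $baseDir): ?string
{
    $path = uploads_url_to_path($url, $baseUrl, $baseDir);
    return $path === null ? null : file_get_contents($path);
}

// Constructed demo data: a temporary "uploads" directory holding one logo.
$dir = sys_get_temp_dir() . '/uploads-demo-' . getmypid();
@mkdir($dir . '/2021/10', 0700, true);
file_put_contents($dir . '/2021/10/logo.svg', '<svg xmlns="http://www.w3.org/2000/svg"/>');
$baseUrl = 'https://example.test/wp-content/uploads';   // assumed site URL

var_dump(read_uploaded_svg("$baseUrl/2021/10/logo.svg?ver=1", $baseUrl, $dir)); // valid upload
var_dump(read_uploaded_svg("$baseUrl/../../wp-config.php", $baseUrl, $dir));    // traversal attempt
var_dump(read_uploaded_svg('https://other.test/logo.svg', $baseUrl, $dir));     // foreign host

// In WordPress (assumption: $header_logo['url'] points into the uploads folder):
//   $up   = wp_upload_dir();
//   $code = read_uploaded_svg($header_logo['url'], $up['baseurl'], $up['basedir']);
```

Inlined SVG markup executes in the page's own origin, so only logos from trusted uploaders should be inlined this way.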