Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Admin suddenly slow - cause & solution


John W

Recommended Posts

I suddenly started having very slow access and page loads in my Admin (it's renamed) while the catalog side ran fast.  After thinking about this a bit I figured it had to be because of the Apache Auth on Admin.  To back up a little, Apache 2.4 changed the way .htaccess works for allowing and denying, see http://httpd.apache.org/docs/current/upgrading.html  There's a module call mod_compat that makes the old system compatible, but that's definitely where my problem was.  It would take a minute for a page to load in Admin.  Important to note that the exact way they show on the apache site didn't work.  Mine below works. 

Here's my old .htaccess

SSLRequireSSL
Order Deny,Allow
deny from all
allow from IP my ip
AuthName "Restricted"
AuthUserFile "my path to file"
AuthType Basic
require valid-user

Here's my new one that is working completely from my testing.  Test yours if you change this. 

NOTE: Important to note that the exact way they show on the apache site didn't work.  Mine below works. 

SSLRequireSSL
AuthType Basic
AuthUserFile "my path to file"
AuthName "Restricted"
<RequireAll>
        Require valid-user
        Require ip my ip
</RequireAll>

I don't know if anyone else will run into this but I'm guessing this is coming.  We should probably look at making changes to all the .htaccess files.

I'm not really a dog.

Link to comment
Share on other sites

A little more info on this.  The way I determined this was the problem is when I commented out the auth, the admin loaded fast.  I only had to comment out for a couple seconds to see the effect. 

Also, for my ip, I use the first two numbers of my ip.  For instance 192.168 which in my case is my ISP from my part of my state.  So, if my ip changes like from Hurricane Irma coming through, then I'm still good without changing that.  If I try to access it through a VPN, then I get a 403 error.

I'm not really a dog.

Link to comment
Share on other sites

@MrPhil

That's actually how I had done mine a long long time ago.  I agree it's better because it puts the password file in a protected directory outside of public_html.  This problem showed up after a nightly Cpanel/Apache update.  I have a dedicated server and have run Apache 2.4 for many years now and this just popped up.  May have been a glitch in mod_compat or mod_access_compat, but this is the future anyway, so I'll leave it.  I know they have dbm auth too, but haven't explored it.

I'm not really a dog.

Link to comment
Share on other sites

After thinking about this, I realized I've modified mine compared to how Cpanel writes it.  Mainly, with SSLRequireSSL and require ip.  Cpanel now has password protect label inside of "leech protection".  Unfortunately, I don't think it has the ability to add the require ip address, which in my case feels like added security.

I'm not really a dog.

Link to comment
Share on other sites

  • 4 months later...
On 9/25/2017 at 8:59 AM, John W said:

A little more info on this.  The way I determined this was the problem is when I commented out the auth, the admin loaded fast.  I only had to comment out for a couple seconds to see the effect. 

Also, for my ip, I use the first two numbers of my ip.  For instance 192.168 which in my case is my ISP from my part of my state.  So, if my ip changes like from Hurricane Irma coming through, then I'm still good without changing that.  If I try to access it through a VPN, then I get a 403 error.

John,

I'm experiencing the same problem.  What exactly did you comment out for your test?

Thanks!

Link to comment
Share on other sites

Hi Bill,

I commented out the auth part of it.  You can comment out everything for a minute to check it then put it back.  I see you PM and you can PM me your .htaccess file and I'll look at it.  I might be able to fix this in a heartbeat for you.

I'm not really a dog.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...