[SAC] [OSGeo] #2821: Logging into www.osgeo.org is broken

OSGeo trac_osgeo at osgeo.org
Tue Oct 4 13:13:13 PDT 2022


#2821: Logging into www.osgeo.org is broken
---------------------------+----------------------------------------
 Reporter:  robe           |       Owner:  sac@…
     Type:  task           |      Status:  closed
 Priority:  normal         |   Milestone:  Sysadmin Contract 2022-II
Component:  Systems Admin  |  Resolution:  fixed
 Keywords:                 |
---------------------------+----------------------------------------
Changes (by robe):

 * status:  new => closed
 * resolution:   => fixed

Comment:

 I think I have this issue fixed.  I assume it might have been auto-update
 of the WP All in one Security that went haywire.

 Along the way I did change the proxy setting, changed

 I revised the www.osgeo.org-common.conf
 added these lines, cause I couldn't find them before

 {{{
 RemoteIPHeader X-Real-IP
 RemoteIPInternalProxy nginx.lxd

 ErrorLog ${APACHE_LOG_DIR}/www.osgeo.org-error.log
 CustomLog ${APACHE_LOG_DIR}/www.osgeo.org-access.log combined

 }}}


 Cause I couldn't find the proxy setting anywhere else, though it looked
 like wordpress was picking up ips of prior.

 and changed logging format in /etc/apache2/apache.conf


 {{{
 #LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
 LogFormat "%a %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
 }}}


 All those changes I thought had fixed, but then I couldn't log in again on
 another pc I tried, so might have been a coincidence that the lockout
 period was over.

 So while I was in on one pc, I disabled all the lockout of the WP-All
 Security plugin and was then able to log into another pc.

 I think I've reenabled most of them, but before doing that, I did a patch
 updates of wordpress to 6.0.2 and updates of all the plugins.  Before it
 was 6.0.1

 So sad conclusion, it seems fixed but not absolutely sure why.  Possible
 reasons I can think

 1) Proxy wasn't properly set and perhaps auto update of security caught
 this and went into panic
 2) Something about auto update of security, was incompatible with the
 6.0.1 we were running, causing it to go into panic mode

 3) It really isn't fixed and I actually did not reenable it as I thought
 4) It isn't fixed and I reenabled it so we should get a lock out again
 soon.

 I'm going to close and assume it is fixed and someone can reopen if they
 have issues.
 I'll monitor the security logs to see if it picks up anything.  I do see
 logs of people logging in and active sessions.
-- 
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2821#comment:1>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
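
An added example, not part of the ticket and not the security plugin's code: it shows how a login lockout keyed on the client address behaves behind a reverse proxy, with and without the address being resolved from `X-Real-IP` in the way `RemoteIPHeader` / `RemoteIPInternalProxy` arrange. The proxy address `10.0.0.5`, the threshold, the sample requests and the lockout logic itself are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed: stands in for the internal proxy (nginx.lxd in the ticket).
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}
MAX_FAILURES = 3  # constructed lockout threshold


def client_ip(peer, headers, use_remoteip):
    """Return the address the application sees for one request.

    The X-Real-IP value is honoured only when the TCP peer is a trusted
    proxy; any other peer keeps its own address, so a forged header from
    an untrusted client is ignored.
    """
    peer_addr = ipaddress.ip_address(peer)
    if not use_remoteip or peer_addr not in TRUSTED_PROXIES:
        return str(peer_addr)
    claimed = headers.get("X-Real-IP", "").strip()
    try:
        return str(ipaddress.ip_address(claimed))
    except ValueError:
        return str(peer_addr)  # missing or malformed header: fall back to peer


def locked_out(requests, use_remoteip):
    """Replay failed logins and return the addresses that reach the threshold."""
    failures = Counter(client_ip(p, h, use_remoteip) for p, h in requests)
    return {ip for ip, n in failures.items() if n >= MAX_FAILURES}


# Constructed sample: four failed logins, all relayed by the proxy.
FAILED_LOGINS = [
    ("10.0.0.5", {"X-Real-IP": "198.51.100.7"}),
    ("10.0.0.5", {"X-Real-IP": "198.51.100.7"}),
    ("10.0.0.5", {"X-Real-IP": "198.51.100.7"}),
    ("10.0.0.5", {"X-Real-IP": "203.0.113.20"}),
]

if __name__ == "__main__":
    # Keyed on the proxy address, one noisy client locks out every user.
    print("without remoteip:", locked_out(FAILED_LOGINS, False))
    # Keyed on the resolved address, only the offending client is locked out.
    print("with remoteip:   ", locked_out(FAILED_LOGINS, True))
```
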

