Make WordPress Core

Opened 2 years ago

Last modified 21 months ago

#56347 new defect (bug)

Download failed. A valid URL was not provided.

Reported by: unmanarc's profile unmanarc Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 6.0
Component: HTTP API Keywords:
Focuses: Cc:

Description

I found some problem when you configure your wordpress behind an HTTP proxy (Without DNS resolution), the plugins/themes/etc updates (not talking about 3rd party related) are going to fail with:

Download failed. A valid URL was not provided.

I traced back the issue to https://github.com/WordPress/WordPress/blob/90e6f5aed5c897f29ef129808d4dc9db29655cd4/wp-includes/http.php#L549

so, the problem is quite simple, when WordPress calls the function wp_http_validate_url before calling the proxy itself, WP uses a non-proxy DNS function (gethostbyname) to validate the URL hostname, and because I don’t have DNS (for security reasons), it will fail…

the point is, if your internet exit is defined by WP_PROXY_HOST, I would not expect to have any other internet access or protocol (like DNS), so when you try to resolve downloads.wordpress.org from the WP host (not from the proxy), it will fail… but when you ask the http proxy to get some content from there, it should work very well…

using gethostbyname before the http proxy, and dropping the proxy request by the gethostbyname failure, was stopping my wordpress from getting updates in my secure environment…

so, understanding this, I did the following temporary hack, I added this line to /etc/hosts:

1.2.3.4 downloads.wordpress.org

then, when gethostbyname asked for it, the OS libs answered with 1.2.3.4 (a valid fictitious external IP addr), and passed the request to the proxy (who properly handled the download)…

My recommendation to the developers is to consider that when you have configured WP_PROXY_HOST, you should not expect DNS calls to work (try another way), DNS should not be a pre-requisite when you have a proxy.

Regards.

Change History (2)

#1 @unmanarc
2 years ago

NOTE:
the http proxy itself, yes, he do have access to DNS resolution.
the webserver with wordpress only have access to the http proxy.

#2 @webdados
21 months ago

  • Component changed from Upgrade/Install to HTTP API

I can confirm this bug and I just stumbled on it on a new client that has everything behind a proxy.

When WordPress is configured to run behind a proxy, no PHP functions that are-non proxied should be used on the HTTP API.

Note: See TracTickets for help on using tickets.