Symptoms
When changing to a PHP version greater than 7.0, when using the experimental snuffleupagus package, websites suddenly stop working with an error:
[01-Jan-2021 00:00:00 UTC] PHP Fatal error: [snuffleupagus][disabled_function] Aborted execution on call of the function 'curl_setopt', because its argument '$option' content (81) matched the rule 'Please don't turn CURLOPT_SSL_VERIFYHOST off.'
Description
From the package description:
Snuffleupagus is a PHP7+ module designed to drastically raise the cost of
attacks against websites. This is achieved by killing entire bug classes and
providing a powerful virtual-patching system, allowing the administrator to fix
specific vulnerabilities without having to touch the PHP code.
This package is experimental and should be used with caution.
This package adds extra security rules to PHP, causing insecure CURLOPT commands to fail.
Workaround
You'll need to ensure your site is not disabling SSL VerifyHost through curl_setopts() in your PHP code.
On WordPress, you can try to patch this via your theme's functions.php by adding the following line:
add_filter( 'https_local_ssl_verify', '__return_true' );
It isn't recommended, but, if you're unable to patch your website, you can disable the extension in WHM > EasyApache 4 by uninstalling the ea-php7X-php-snuffleupagus package for the PHP version you're having trouble with.
Comments
0 comments
Article is closed for comments.