Symptoms
When attempting to install cPanel you receive the following notice, and the installation fails:
(DEBUG): Retrieving http://httpupdate.cpanel.net/cpanelsync/TIERS to the TIERS file...
(FATAL): The system could not fetch the TIERS file:
When attempting to reach the noted URL using curl it returns something similar to the following:
This transfer is blocked.
Description
This occurs as a result of your Web Appliance Firewall (WAF), or other security appliance, blocking the requests.
Workaround
There are two solutions to this behavior.
The first is to ensure that the IPs for httpupdate.cpanel.net are allowed access through your WAF or Security appliance. To obtain the most recent list of IPs execute the following commands from within your server:
dig +short httpupdate.cpanel.net
As an example, the following commands would whitelist all of the relevant IPs if you are running only iptables:
First, we create a new chain to manage these rules:
iptables -N httupdate-cPanel
Next, we whitelist the addresses for httupdate.cpanel.net
for address in $(dig +short httpupdate.cpanel.net|sort); do iptables -A httpupdate-cPanel -s $address -j ACCEPT; done
Finally, we confirm that the chain contains the list of addresses
iptables -nL httpupdate-cPanel
Which should return something similar to the following:
Chain httpupdate-cPanel (0 references)
target prot opt source destination
ACCEPT all -- 103.252.152.1 0.0.0.0/0
ACCEPT all -- 122.201.72.171 0.0.0.0/0
ACCEPT all -- 159.253.142.50 0.0.0.0/0
ACCEPT all -- 184.94.196.92 0.0.0.0/0
ACCEPT all -- 184.94.196.93 0.0.0.0/0
ACCEPT all -- 184.94.196.94 0.0.0.0/0
ACCEPT all -- 204.10.37.146 0.0.0.0/0
ACCEPT all -- 206.130.99.76 0.0.0.0/0
ACCEPT all -- 208.100.0.204 0.0.0.0/0
ACCEPT all -- 208.109.109.239 0.0.0.0/0
ACCEPT all -- 208.43.129.162 0.0.0.0/0
ACCEPT all -- 63.247.66.98 0.0.0.0/0
ACCEPT all -- 66.23.237.210 0.0.0.0/0
ACCEPT all -- 66.71.244.18 0.0.0.0/0
ACCEPT all -- 67.205.110.4 0.0.0.0/0
ACCEPT all -- 67.227.128.74 0.0.0.0/0
ACCEPT all -- 69.73.140.17 0.0.0.0/0
ACCEPT all -- 74.50.120.123 0.0.0.0/0
ACCEPT all -- 83.170.94.2 0.0.0.0/0
ACCEPT all -- 94.75.231.77 0.0.0.0/0
The second solution would be to disable the WAF or security appliance temporarily.
Once you have performed either of the above the operation that returned the above error will now complete successfully.
Comments
0 comments
Article is closed for comments.