Score:-4

Why are terabytes of memory suddenly requested?

lc flag
yan

A couple of days ago I configured my server to use PHP-FPM to use different versions of PHP for different sites. After that they worked fine. Two Drupal 9 sites are using PHP 8.1, other Drupal 7 sites are using PHP 7.4.

Without any changes I am aware of, the sites stopped working. The server log file contains a warning regarding memory usage:

PHP Fatal error: Allowed memory size of 1073741824 bytes exhausted (tried to allocate 7002662505284858752 bytes) in Unknown on line 0

I had already raised the memory_limit from 512mb to 1gb. Before, the error message reflected the other setting:

PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 7002662505284858752 bytes) in Unknown on line 0

I even tried to set it to -1:

PHP Fatal error: Out of memory (allocated 2097152) (tried to allocate 7002662505284858752 bytes) in Unknown on line 0

How on earth could Drupal suddenly use 7.002.662.505.284.858.752 bytes of memory? That's 7.002.662.505 gb or 7.002.662 tb.

At the same time I got errors regarding SSL certificates. All sites use certificates from Let's Encrypt and worked without a problem. Running checks on https://www.ssllabs.com, no problem appears. I configured the sites to run without https, but the memory error remains.

I can't even log into my sites, but using Drush, the watchdog log doesn't show anything important.

On some pages or sites, using Chrome, I get the error ERR_EMPTY_RESPONSE.

I am kind of lost after some hours of searching. Does anybody have an idea what could be causing this?

Update: I created an issue on drupal.org: Auto-generated .htaccess in files directory breaks sites

id flag
If you did not change the Drupal codebase around the time this began you should inquire to your hosting company or sysadmins about any changes they made around that time.
yan avatar
lc flag
yan
Thanks cilefen. The sites are running on a server that I manage. So I pretty much know what I did.. The only thing I can relate to this is that I raised the PHP memory_limit yesterday.
id flag
Does any PHP script execute?
yan avatar
lc flag
yan
Currently the Drupal sites are loading more or less, but with errors when js and images are loaded. When I turn CSS and JS aggregation on, all layouts disappear. But generally, the sites work. When I try to open an image or JS file in sites/default/files directly, I get an SSL error in Firefox (in Chrome: ERR_EMPTY_RESPONSE)
id flag
What we usually do is, if there is a bug report, is to close the Question here. But I don't in fact think you have uncovered a bug in Drupal but rather some kind of issue with that platform setup. Drupal isn't even serving the files in that directory.
Score:1
lc flag
yan

I investigated a lot and it seems the problem was that after installing PHP-FPM, I didn't disable mod_php. Now I ran

sudo a2dismod php7.4

and rebuilt all caches. The error does not appear anymore, at least by now.

Before, I found that this part in sites/default/files/.htaccess of Drupal 8 and 9 sites caused SSL errors that lead to the problems described above:

<IfModule mod_php7.c>
  php_flag engine off
</IfModule>
<IfModule mod_php.c>
  php_flag engine off
</IfModule>

Commenting them out (adding # in every line) made the sites work properly and apparently also makes the memory error disappear. After disabeling mod_php, the sites ran with the original .htaccess created by Drupal.

Maintaining security features with PHP-FPM

In my understanding, using PHP-FPM means that the security features in .htaccess won't work. One workaround I found was adding this before <IfModule mod_php7.c> in sites/default/files/.htaccess:

<Files "*.php">
  SetHandler none
  SetHandler default-handler
  Options -ExecCGI
  RemoveHandler .php
</Files>

This will lead to security warnings by the Security Review in Drupal, though, because the .htaccess file has been altered. Another way is to change the configuration directly in the Apache conf file as decribed here (I adapted it a little):

# Security setting for files folder in Drupal.
<DirectoryMatch "^/var/www/.*/sites/.*/(files|tmp)">
    # Turn off all options we don't need.
    Options -Indexes -ExecCGI -Includes -MultiViews

    # Set the catch-all handler to prevent scripts from being executed.
    SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
    <Files *>
        # Override the handler again if we're run later in the evaluation list.
        SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003
    </Files>

    # If we know how to do it safely, disable the PHP engine entirely.
    <IfModule mod_php7.c>
        php_flag engine off
    </IfModule>
    <IfModule mod_php.c>
        php_flag engine off
    </IfModule>
</DirectoryMatch>

# Security setting for config folder in Drupal.
<DirectoryMatch "^/var/www/.*/sites/.*/(private|config|sync|translations|twig)">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>

    # Deny all requests from Apache 2.0-2.2.
    <IfModule !mod_authz_core.c>
        Deny from all
    </IfModule>
    # Turn off all options we don't need.
    Options -Indexes -ExecCGI -Includes -MultiViews

    # Set the catch-all handler to prevent scripts from being executed.
    SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
    <Files *>
        # Override the handler again if we're run later in the evaluation list.
        SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003
    </Files>

    # If we know how to do it safely, disable the PHP engine entirely.
    <IfModule mod_php7.c>
        php_flag engine off
    </IfModule>
    <IfModule mod_php.c>
        php_flag engine off
    </IfModule>
</DirectoryMatch>
Kevin avatar
in flag
I just created a new D10 site, and that line is already uncommented. Did someone comment it out? Is it possible there is a hacker trying to get executable php files into your site?
yan avatar
lc flag
yan
I might have misspoken: Default state is that those lines are active (which causes my errors). When I comment them out (adding # in every line), the errors disappear. Of course that makes my sites less secure. But it was me who commented them out.
cn flag
You should probably update the issue on d.org and change "uncomment" to "comment" for clarity too
yan avatar
lc flag
yan
Thanks Clive, I corrected both here and on drupal.org.
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.