# PHP 4 - php works, but phpinfo() does not!

## cbx550f

A webserver I work on is an old machine (that I would love to update, but that's another story...) running PHP 4.4.4 and Apache 1.3.35, and recently the phpinfo() function causes pages to never load.

I first saw this about a week ago, when I threw a phpinfo() into a script I was debugging and then the page didn't load (I didn't have time to look into it at the trime, as a client was awaiting a fix)

Yesterday I tried it again, and same thing - if I create a simple phpinfo file:

```
<?php phpinfo(); ?>
```

 and try to load it into the browser it never loads - Firefox shows "Transferring data from..." but nothing ever happens (I left it doing that last night when I went home - still like that this morning)

First thing I checked was for a change in the php.ini - there was only one change in the past two years, and I rolled back to the previous version of the ini, restarted apache, and no change.

"lynx http://myserver.com/phpinfo.php" run from the commandline on the server works, but loading from browsers (multiple machines, multiple geographic locations) does not.

I just shelled in to another webserver of mine (different network/location), and tried - no load in links, so I tried:

```
www ~ # telnet www.myserver.com 80

GETTrying 65.109.180.18...

Connected to www.myserver.com.

Escape character is '^]'.

GET /bob.php HTTP/1.0

HTTP/1.1 200 OK

Date: Tue, 21 Dec 2010 14:25:05 GMT

Server: Apache/1.3.35 (Unix) ApacheJServ/1.1.2 PHP/4.4.4 FrontPage/5.0.2.2635 Rewrit/1.1a

X-Powered-By: PHP/4.4.4

Connection: close

Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">

<html><head>

<style type="text/css">

body {background-color: #ffffff; color: #000000;}

body, td, th, h1, h2 {font-family: sans-serif;}

pre {margin: 0px; font-family: monospace;}

a:link {color: #000099; text-decoration: none; background-color: #ffffff;}

a:hover {text-decoration: underline;}

table {border-collapse: collapse;}

.center {text-align: center;}

.center table { margin-left: auto; margin-right: auto; text-align: left;}

.center th { text-align: center !important; }

td, th { border: 1px solid #000000; font-size: 75%; vertical-align: baseline;}

h1 {font-size: 150%;}

h2 {font-size: 125%;}

.p {text-align: left;}

.e {background-color: #ccccff; font-weight: bold; color: #000000;}

.h {background-color: #9999cc; font-weight: bold; color: #000000;}

.v {background-color: #cccccc; color: #000000;}

i {color: #666666; background-color: #cccccc;}

img {float: right; border: 0px;}

hr {width: 600px; background-color: #cccccc; border: 0px; height: 1px; color: #000000;}

</style>

<title>phpinfo()</title></head>

<body><div class="center">

<table border="0" cellpadding="3" width="600">

<tr class="h"><td>

<a href="http://www.php.net/"><i
```

It hangs there forever.

Tried the "telnet port 80" on the machine I'm on now - same thing. It almost appears that only one packet gets through.

Every other php script works fine.

Thoughts?

Thanks

----------

## hanj

So the page never loads. It's not loading a white page correct? You're saying that it's hanging.. big difference.

If it's a white page, I would ensure that it's not in the disabled_functions list in php.ini

It it's hanging, I'm wondering if could be IPS system causing. Maybe mod_security, or possibly something with snort inspecting the payload and stopping the transfer. Can you check /var/log/apache2/error_log and /var/log/messages when you're hitting it. Are you running suhosin as well?

hanji

----------

## cbx550f

Never loads, not "white screen".

As for logs (meant to mention this...) - nothing in the error_log, nor messages, and strangely, NOTHING in access_log about it.

I just checked the conf files for apache, and the only change in the past 100 days was changing an unrelated virtualhost back in September....

Thanks for the reply - any thoughts appreciated. Been doing this stuff for going on 20 years, and this one just made me think "better look for outside ideas before I waste too much time"

Edit: and no snort or similar running

Paul

----------

## hanj

Have you tried going to the page via lynx on the server itself? Sure feels like it's a response block since you got partial page?

h

----------

## cbx550f

Yup - lynx on the server works, as does telnetting to port 80, but not from anywhere else.

I agree - it does sure seem like something's blocking it, but it just seems so darned odd that it only seems to be phpinfo causing this sort of behavior, and only when from a remote host.

Paul

BTW: I took a quick look at your blog you link to - looks like good stuff. I had been meaning to do the same for years - mostly just to make not of oddball things that go wrong and to have a home for tools I like, and finally did get around to it a bit recently - http://www.vint.ca

----------

## hanj

So you're sure you don't have mod_security or suhosin running? If you want, you can PM me and I can try from my location as well.

Thanks!

hanji

----------

## cbx550f

Nothing of the sort running that I can find, did "grep -Ri mod_security /etc/httpd/*" to check on the apache configs - nothing.

I'll PM a URL - thanks for the help.

Paul

Also - just did a packet dump with tcpdump from my home machine to there, and this is the last packet to go from server:

```
        0x0000:  4500 05dc 82e0 4000 3306 0811 416d b412  E.....@.3...Am..

        0x0010:  c0a8 0103 0050 9185 8240 2c21 c6d8 ebc9  .....P...@,!....

        0x0020:  8010 1920 39e1 0000 0101 080a 4a19 aeff  ....9.......J...

        0x0030:  c850 f7bd 4854 5450 2f31 2e31 2032 3030  .P..HTTP/1.1.200

        0x0040:  204f 4b0d 0a44 6174 653a 2054 7565 2c20  .OK..Date:.Tue,.

        0x0050:  3231 2044 6563 2032 3031 3020 3138 3a30  21.Dec.2010.18:0

        0x0060:  333a 3539 2047 4d54 0d0a 5365 7276 6572  3:59.GMT..Server

        0x0070:  3a20 4170 6163 6865 2f31 2e33 2e33 3520  :.Apache/1.3.35.

        0x0080:  2855 6e69 7829 2041 7061 6368 654a 5365  (Unix).ApacheJSe

        0x0090:  7276 2f31 2e31 2e32 2050 4850 2f34 2e34  rv/1.1.2.PHP/4.4

        0x00a0:  2e34 2046 726f 6e74 5061 6765 2f35 2e30  .4.FrontPage/5.0

        0x00b0:  2e32 2e32 3633 3520 5265 7772 6974 2f31  .2.2635.Rewrit/1

        0x00c0:  2e31 610d 0a58 2d50 6f77 6572 6564 2d42  .1a..X-Powered-B

        0x00d0:  793a 2050 4850 2f34 2e34 2e34 0d0a 436f  y:.PHP/4.4.4..Co

        0x00e0:  6e6e 6563 7469 6f6e 3a20 636c 6f73 650d  nnection:.close.

        0x00f0:  0a43 6f6e 7465 6e74 2d54 7970 653a 2074  .Content-Type:.t

        0x0100:  6578 742f 6874 6d6c 0d0a 0d0a 3c21 444f  ext/html....<!DO

        0x0110:  4354 5950 4520 6874 6d6c 2050 5542 4c49  CTYPE.html.PUBLI

        0x0120:  4320 222d 2f2f 5733 432f 2f44 5444 2058  C."-//W3C//DTD.X

        0x0130:  4854 4d4c 2031 2e30 2054 7261 6e73 6974  HTML.1.0.Transit

        0x0140:  696f 6e61 6c2f 2f45 4e22 2022 4454 442f  ional//EN"."DTD/

        0x0150:  7868 746d 6c31 2d74 7261 6e73 6974 696f  xhtml1-transitio

        0x0160:  6e61 6c2e 6474 6422 3e0a 3c68 746d 6c3e  nal.dtd">.<html>

        0x0170:  3c68 6561 643e 0a3c 7374 796c 6520 7479  <head>.<style.ty

        0x0180:  7065 3d22 7465 7874 2f63 7373 223e 0a62  pe="text/css">.b

        0x0190:  6f64 7920 7b62 6163 6b67 726f 756e 642d  ody.{background-

        0x01a0:  636f 6c6f 723a 2023 6666 6666 6666 3b20  color:.#ffffff;.

        0x01b0:  636f 6c6f 723a 2023 3030 3030 3030 3b7d  color:.#000000;}

        0x01c0:  0a62 6f64 792c 2074 642c 2074 682c 2068  .body,.td,.th,.h

        0x01d0:  312c 2068 3220 7b66 6f6e 742d 6661 6d69  1,.h2.{font-fami

        0x01e0:  6c79 3a20 7361 6e73 2d73 6572 6966 3b7d  ly:.sans-serif;}

        0x01f0:  0a70 7265 207b 6d61 7267 696e 3a20 3070  .pre.{margin:.0p

        0x0200:  783b 2066 6f6e 742d 6661 6d69 6c79 3a20  x;.font-family:.

        0x0210:  6d6f 6e6f 7370 6163 653b 7d0a 613a 6c69  monospace;}.a:li

        0x0220:  6e6b 207b 636f 6c6f 723a 2023 3030 3030  nk.{color:.#0000

        0x0230:  3939 3b20 7465 7874 2d64 6563 6f72 6174  99;.text-decorat

        0x0240:  696f 6e3a 206e 6f6e 653b 2062 6163 6b67  ion:.none;.backg

        0x0250:  726f 756e 642d 636f 6c6f 723a 2023 6666  round-color:.#ff

        0x0260:  6666 6666 3b7d 0a61 3a68 6f76 6572 207b  ffff;}.a:hover.{

        0x0270:  7465 7874 2d64 6563 6f72 6174 696f 6e3a  text-decoration:

        0x0280:  2075 6e64 6572 6c69 6e65 3b7d 0a74 6162  .underline;}.tab

        0x0290:  6c65 207b 626f 7264 6572 2d63 6f6c 6c61  le.{border-colla

        0x02a0:  7073 653a 2063 6f6c 6c61 7073 653b 7d0a  pse:.collapse;}.

        0x02b0:  2e63 656e 7465 7220 7b74 6578 742d 616c  .center.{text-al

        0x02c0:  6967 6e3a 2063 656e 7465 723b 7d0a 2e63  ign:.center;}..c

        0x02d0:  656e 7465 7220 7461 626c 6520 7b20 6d61  enter.table.{.ma

        0x02e0:  7267 696e 2d6c 6566 743a 2061 7574 6f3b  rgin-left:.auto;

        0x02f0:  206d 6172 6769 6e2d 7269 6768 743a 2061  .margin-right:.a

        0x0300:  7574 6f3b 2074 6578 742d 616c 6967 6e3a  uto;.text-align:

        0x0310:  206c 6566 743b 7d0a 2e63 656e 7465 7220  .left;}..center.

        0x0320:  7468 207b 2074 6578 742d 616c 6967 6e3a  th.{.text-align:

        0x0330:  2063 656e 7465 7220 2169 6d70 6f72 7461  .center.!importa

        0x0340:  6e74 3b20 7d0a 7464 2c20 7468 207b 2062  nt;.}.td,.th.{.b

        0x0350:  6f72 6465 723a 2031 7078 2073 6f6c 6964  order:.1px.solid

        0x0360:  2023 3030 3030 3030 3b20 666f 6e74 2d73  .#000000;.font-s

        0x0370:  697a 653a 2037 3525 3b20 7665 7274 6963  ize:.75%;.vertic

        0x0380:  616c 2d61 6c69 676e 3a20 6261 7365 6c69  al-align:.baseli

        0x0390:  6e65 3b7d 0a68 3120 7b66 6f6e 742d 7369  ne;}.h1.{font-si

        0x03a0:  7a65 3a20 3135 3025 3b7d 0a68 3220 7b66  ze:.150%;}.h2.{f

        0x03b0:  6f6e 742d 7369 7a65 3a20 3132 3525 3b7d  ont-size:.125%;}

        0x03c0:  0a2e 7020 7b74 6578 742d 616c 6967 6e3a  ..p.{text-align:

        0x03d0:  206c 6566 743b 7d0a 2e65 207b 6261 636b  .left;}..e.{back

        0x03e0:  6772 6f75 6e64 2d63 6f6c 6f72 3a20 2363  ground-color:.#c

        0x03f0:  6363 6366 663b 2066 6f6e 742d 7765 6967  cccff;.font-weig

        0x0400:  6874 3a20 626f 6c64 3b20 636f 6c6f 723a  ht:.bold;.color:

        0x0410:  2023 3030 3030 3030 3b7d 0a2e 6820 7b62  .#000000;}..h.{b

        0x0420:  6163 6b67 726f 756e 642d 636f 6c6f 723a  ackground-color:

        0x0430:  2023 3939 3939 6363 3b20 666f 6e74 2d77  .#9999cc;.font-w

        0x0440:  6569 6768 743a 2062 6f6c 643b 2063 6f6c  eight:.bold;.col

        0x0450:  6f72 3a20 2330 3030 3030 303b 7d0a 2e76  or:.#000000;}..v

        0x0460:  207b 6261 636b 6772 6f75 6e64 2d63 6f6c  .{background-col

        0x0470:  6f72 3a20 2363 6363 6363 633b 2063 6f6c  or:.#cccccc;.col

        0x0480:  6f72 3a20 2330 3030 3030 303b 7d0a 6920  or:.#000000;}.i.

        0x0490:  7b63 6f6c 6f72 3a20 2336 3636 3636 363b  {color:.#666666;

        0x04a0:  2062 6163 6b67 726f 756e 642d 636f 6c6f  .background-colo

        0x04b0:  723a 2023 6363 6363 6363 3b7d 0a69 6d67  r:.#cccccc;}.img

        0x04c0:  207b 666c 6f61 743a 2072 6967 6874 3b20  .{float:.right;.

        0x04d0:  626f 7264 6572 3a20 3070 783b 7d0a 6872  border:.0px;}.hr

        0x04e0:  207b 7769 6474 683a 2036 3030 7078 3b20  .{width:.600px;.

        0x04f0:  6261 636b 6772 6f75 6e64 2d63 6f6c 6f72  background-color

        0x0500:  3a20 2363 6363 6363 633b 2062 6f72 6465  :.#cccccc;.borde

        0x0510:  723a 2030 7078 3b20 6865 6967 6874 3a20  r:.0px;.height:.

        0x0520:  3170 783b 2063 6f6c 6f72 3a20 2330 3030  1px;.color:.#000

        0x0530:  3030 303b 7d0a 3c2f 7374 796c 653e 0a3c  000;}.</style>.<

        0x0540:  7469 746c 653e 7068 7069 6e66 6f28 293c  title>phpinfo()<

        0x0550:  2f74 6974 6c65 3e3c 2f68 6561 643e 0a3c  /title></head>.<

        0x0560:  626f 6479 3e3c 6469 7620 636c 6173 733d  body><div.class=

        0x0570:  2263 656e 7465 7222 3e0a 3c74 6162 6c65  "center">.<table

        0x0580:  2062 6f72 6465 723d 2230 2220 6365 6c6c  .border="0".cell

        0x0590:  7061 6464 696e 673d 2233 2220 7769 6474  padding="3".widt

        0x05a0:  683d 2236 3030 223e 0a3c 7472 2063 6c61  h="600">.<tr.cla

        0x05b0:  7373 3d22 6822 3e3c 7464 3e0a 3c61 2068  ss="h"><td>.<a.h

        0x05c0:  7265 663d 2268 7474 703a 2f2f 7777 772e  ref="http://www.

        0x05d0:  7068 702e 6e65 742f 223e 3c69            php.net/"><i

```

----------

## hanj

This is really weird. I get the same thing. Interesting that it bombs on the <img tag call of the logo. It does seem like packet length or something?? I wonder if there some type of router inspect policy somewhere in line after the server? Can you name the phpinfo file.. anything and it will continually do this?

Thanks!

hanji

----------

## cbx550f

Strange, huh?

I can name the file anything, or put phpinfo() in ANY php file and it happens.....

Let me try something....

Hmmm... I just stuck a "phpinfo()" at the bottom of a php script on another page on that server, and it loads the whole page, then hangs in the same fashion - the following is the output from the last couple of lines in the page and the little bit it got from the phpinfo() output:

```
    </p>

</div>

</body>

</html><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">

<html><head>

<style type="text/css">

body {background-color: #ffffff; color: #000000;}

body, td, th, h1, h2 {font-family: sans-serif;}

pre {margin: 0px; font-family: monospace;}

a:link {color: #000099; text-decoration: none; background-color: #ffffff;}

a:hover {text-decoration: underline;}

table {border-collapse: collapse;}

.center {text-align: center;}

.center table { margin-left: auto; margin-right: auto; text-align: left;}

.center th { text-align: center !important; }

td, th { border: 1px solid #000000; font-size: 75%; vertical-align: baseline;}

h1 {font-size: 1

```

Seeming to me like maybe the PHP script engine is crashing?? 

Just tried cranking the apache LogLevel up to Debug - nothing showing in the log.

----------

## cbx550f

... and just for fun, I tried it with https - and it works that way!

Enough to make a grown man cry.  :Wink: 

----------

## Ant P.

Try it with the implicit_flush config option turned on, and output buffering/compression turned off.

----------

## cbx550f

 *Ant_P wrote:*   

> Try it with the implicit_flush config option turned on, and output buffering/compression turned off.

 

I will - tomorrow. (Tonight is for having a beverage and decorating!!)

I've been reluctant to "try things" with the php config, as I know 100% certain that the only thing that has been changed there in the past 6 months was "allow_url_fopen" (I think that's what it's called...) and it's been changed back, but I will try that.

In case I hadn't mentioned it, it has worked all along (many years) until the past week or so, and the php.ini, Apache conf files, and kernel have all stayed the same (latest change I found was a virtual host addition in apache).

Thanks Ant.

Paul

----------

## cbx550f

 *Ant_P wrote:*   

> Try it with the implicit_flush config option turned on, and output buffering/compression turned off.

 

Tried it - no change.

Thanks though!

----------

