PDF Download time delay when iptables enabled

cookay · January 26, 2016, 9:27pm

Hi Kovah,

First of all thanks for invoiceplane!

I have a strange issue with my install which is running on Arch Linux with apache, PHP v7 and v1.4.4 Invoiceplane.

The server this is being hosted on only needs to be accessible from my place of work, so I have set up the iptables firewall to block all traffic from anywhere except from my workplaces IP. The iptables rule is very basic. It just blocks all IP addresses except the ones explicitly allowed.

Everything on invoiceplane works fine until I try to download a PDF attachment of an invoice. The connection hangs for about 3-4 minutes and then the PDF is downloaded fine. If I disable the iptables rule the PDF downloads instantly.

I have checked Wireshark on the Client and Server end with no luck. I have also enabled error logging within config.php and viewed the logfile there but still no luck.

Any idea where I should be looking next?

Appreciate your help.

Cheers
John

cookay · January 26, 2016, 10:01pm

Here is an an output of the logfile from the start to the end of a PDF download request.

It’s like a 2 minute timeout.

http://pastebin.com/ArbQ4MWN

cookay · January 26, 2016, 10:42pm

SOLVED

I notice the below error from the invoiceplane logfile:

ERROR - 2016-01-26 21:53:42 --> Severity: Warning  --> 
file_get_contents(https://IPSERV/invoiceplane/assets/default/css/templates.css):
 failed to open stream: Connection timed out 
/srv/http/invoiceplane/application/helpers/mpdf/mpdf.php 11442

So I commented out line 11442 of ‘mpdf.php’ and this has solved the issue! However I’m not sure what else I may have broken

// Used for external CSS files
function _get_file($path) {
        // If local file try using local path (? quicker, but also allowed even if allow_url_fopen false)
        $contents = '';
        // mPDF 5.7.3
        if (strpos($path,"//") === false ) { $path = preg_replace('/\.css\?.*$/', '.css', $path); }
// LINE 11442      $contents = @file_get_contents($path);
        if ($contents) { return $contents; }
        if ($this->basepathIsLocal) {
                $tr = parse_url($path);
                $lp=getenv("SCRIPT_NAME");
                $ap=realpath($lp);
                $ap=str_replace("\\","/",$ap);
                $docroot=substr($ap,0,strpos($ap,$lp));
                // WriteHTML parses all paths to full URLs; may be local file name
                if ($tr['scheme'] && $tr['host'] && $_SERVER["DOCUMENT_ROOT"] ) {
                        $localpath = $_SERVER["DOCUMENT_ROOT"] . $tr['path'];
                }
                // DOCUMENT_ROOT is not returned on IIS
                else if ($docroot) {
                        $localpath = $docroot . $tr['path'];
                }
                else { $localpath = $path; }
                $contents = @file_get_contents($localpath);
        }
        // if not use full URL
        else if (!$contents && !ini_get('allow_url_fopen') && function_exists("curl_init"))  {
                $ch = curl_init($path);
                curl_setopt($ch, CURLOPT_HEADER, 0);
                curl_setopt ( $ch , CURLOPT_RETURNTRANSFER , 1 );
                $contents = curl_exec($ch);
                curl_close($ch);
        }
        return $contents;
}

Kovah · January 27, 2016, 6:59am

Thank you for this information!

Kovah · January 28, 2016, 7:00am

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.