I believe I'v a reasonably good solution to this problem if Drupal cannot be easily stopped from excessive ddb querying.
Use Mod Security and count 404s from an IP and deny access if exceeds a limit for a period of time:
# Initialize the counter for each new IP address
SecAction "id:2001,phase:1,nolog,pass,setvar:tx.404_counter=0"
# Check for 404 responses and increment the counter
SecRule RESPONSE_STATUS "@streq 404" \
"id:2002,phase:3,pass,nolog,setvar:ip.404_counter=+1,expirevar:ip.404_counter=60"
# Block IP if the 404 counter exceeds the limit (e.g., 5 times in 60 seconds)
SecRule IP:404_counter "@gt 5" \
"id:2003,phase:1,deny,status:403,log,msg:'Blocking IP due to excessive 404 responses (more than 5 in 60 seconds)'"
Courtesy of ChatGPT. I have not tried it yet.
I believe this is the "Post Installation" forum. It has been a while since I visited Drupal.org. Usually the modules and development forum is where the API is discussed. I have another post there with the same question. What I'm talking about is bad actors bombarding our Drupal website with a zillion URIs that do not match any of our custom modules or Drupals'. "Page Not Found (404)" errors cause Drupal to query the database. We would like to configure Drupal so it just sends a 404 response without querying the database.
I've just finished a module that does that. It even has a fingerprint/device change detector that makes people authenticate themselves again by sending a passcode to their email address.
I'm getting the same thing when I logout. The url has /?check_logged_in=1. That is what is causing the error/waring message for me.
This query data should not be in the url.
Sorry, the code is correct and is working. I'd forgotten that I renamed the database from bnc to bnc2 on my development server sometime ago. When I list the tables for bnc2 the two new tables are displayed.
It is wrong to insist that you should never use the <module name>_schema() in <module name>_update_N().
The <module name>_schema() should always define the current state of your database. In other words it should be updated after every new <module name>_update_N() is executed. <module name>_update_N() is executed ONCE and can be then removed from the <module name>.install file. Your vcs, e.g. Git, can keep track of previous changes.
You are silly and very very wrong. Today's software would not exist without OOP.
I hope you are talking about Drupal developers working on Drupal and not the rest of us using Drupal to create websites. No one in their right mind is going to want to use Docker. Why make it "official" anyway?
I found the problem. I made a Drupal sub theme of bootstrap barrio and put a weight on the old superfish library. I need to change the name to drupal-superfish.
Sorry.
This no longer occurs on my website. So thanks to whomever fixed it. I suppose it could've been the barrio theme too or maybe Drupal 10. I don't know.
I don't know what else to say. Do you have any idea how the <script src="/libraries/superfish/superfish.js?s2rxd0"></script>
tag is showing up in my pages?
I've had headaches with caching. I've flushed Drupal caches, opcache, and APCu cache. Are there any others? At one time I downloaded the superfish library and copied it to /libraries/superfish but now I believe composer takes care of that and calls it drupal-superfish.
The library_path functions in superfish.module are a little confusing. Could I patch it to force it to use only /libraries/drupal-superfish without breaking anything? If so then how? Then I could be sure it is not the module code that is doing it.
donpwinston β created an issue.
I'm getting an error in my JavaScript console: "Failed to load resource: the server responded with a status of 404 (Not Found)"
The url is: https:///libraries/superfish/superfish.js?s2jcvr
Where did this url come from?
I believe it should be:
https:///libraries/drupal-superfish/superfish.js?s2jcvr
Just upgraded to Drupal 10.1.5 and upgraded superfish to 1.7. The menus appear to be working fine.
"Always add trailing commas, if possible"
I think rules like this are silly. The PSR guidelines are sufficient. Should be just focusing on just Drupal specific things.
#6 doesn't really work. As soon as you flush the cache again the down arrows disappear again. Why doesn't some fix this? I'm using Drupal 10 and the same problem occurs.
I gave up trying to do a composer update and created a new installation in a different location. I then copied the sites/default/files directory into the directory of new installation and used composer to install all my contrib modules and libraries and copied my custom modules. Had to perform a patch for the superfish module. I have no idea what is taking them so long to put it out there so people can use composer to upgrade it.
All is good but I wish I new why my old composer installation was so hosed.
bnctest@dev-bnc4-web1(development):/var/www/html2> composer update -W
Loading composer repositories with package information
Info from https://repo.packagist.org: #StandWithUkraine
Updating dependencies
Your requirements could not be resolved to an installable set of packages.
Problem 1
- zendframework/zend-feed[2.11.0, ..., 2.12.0] require php ^5.6 || ^7.0 -> your php version (8.1.18) does not satisfy that requirement.
- laminas/laminas-feed[2.12.0, ..., 2.12.3] require php ^5.6 || ^7.0 -> your php version (8.1.18) does not satisfy that requirement.
- symfony-cmf/routing[1.4.0, ..., 1.4.1] require php ^5.3.9|^7.0 -> your php version (8.1.18) does not satisfy that requirement.
- laminas/laminas-feed[2.13.0, ..., 2.14.1] require php ^7.3 || ~8.0.0 -> your php version (8.1.18) does not satisfy that requirement.
- drupal/core[8.9.11, ..., 8.9.20] require php ^7.0.8 -> your php version (8.1.18) does not satisfy that requirement.
- drupal/core[9.0.10, ..., 9.0.14] require php ^7.3 -> your php version (8.1.18) does not satisfy that requirement.
- Root composer.json requires drupal/entity_reference_views_select ^1.4 -> satisfiable by drupal/entity_reference_views_select[1.4.0].
- drupal/core-recommended 10.0.2 requires drupal/core 10.0.2 -> satisfiable by drupal/core[10.0.2].
- Conclusion: don't install drupal/core 10.0.2 (conflict analysis result)
- drupal/core-recommended 10.0.3 requires drupal/core 10.0.3 -> satisfiable by drupal/core[10.0.3].
- Conclusion: don't install drupal/core 10.0.3 (conflict analysis result)
- drupal/core-recommended 10.0.4 requires drupal/core 10.0.4 -> satisfiable by drupal/core[10.0.4].
- Conclusion: don't install drupal/core 10.0.4 (conflict analysis result)
- drupal/core-recommended 10.0.5 requires drupal/core 10.0.5 -> satisfiable by drupal/core[10.0.5].
- Conclusion: don't install drupal/core 10.0.5 (conflict analysis result)
- drupal/core-recommended 10.0.6 requires drupal/core 10.0.6 -> satisfiable by drupal/core[10.0.6].
- Conclusion: don't install drupal/core 10.0.6 (conflict analysis result)
- drupal/core-recommended 10.0.7 requires drupal/core 10.0.7 -> satisfiable by drupal/core[10.0.7].
- Conclusion: don't install drupal/core 10.0.7 (conflict analysis result)
- drupal/core-recommended 10.0.8 requires drupal/core 10.0.8 -> satisfiable by drupal/core[10.0.8].
- Conclusion: don't install drupal/core 10.0.8 (conflict analysis result)
- drupal/core[8.4.0, ..., 8.9.10] require symfony-cmf/routing ^1.4 -> satisfiable by symfony-cmf/routing[1.4.0, 1.4.1].
- drupal/core[8.2.0, ..., 8.3.9] require symfony-cmf/routing ~1.4 -> satisfiable by symfony-cmf/routing[1.4.0, 1.4.1].
- drupal/core[8.8.0, ..., 8.8.12] require zendframework/zend-feed ^2.12 -> satisfiable by laminas/laminas-feed[2.12.0, ..., 2.19.0], zendframework/zend-feed[2.12.0].
- drupal/core-recommended 10.0.1 requires drupal/core 10.0.1 -> satisfiable by drupal/core[10.0.1].
- Conclusion: don't install drupal/core 10.0.1 (conflict analysis result)
- drupal/entity_reference_views_select 1.4.0 requires drupal/core ^8 || ^9 -> satisfiable by drupal/core[8.0.0, ..., 8.9.20, 9.0.0, ..., 9.5.8].
- You can only install one version of a package, so only one of these can be installed: drupal/core[8.0.0, ..., 8.9.20, 9.0.0, ..., 9.5.8, 10.0.0, ..., 10.0.8].
- You can only install one version of a package, so only one of these can be installed: drupal/core[8.1.2, ..., 8.9.20, 9.0.0, ..., 9.5.8, 10.0.0, ..., 10.0.8].
- You can only install one version of a package, so only one of these can be installed: drupal/core[8.1.8, ..., 8.9.20, 9.0.0, ..., 9.5.8, 10.0.0, ..., 10.0.8].
- You can only install one version of a package, so only one of these can be installed: drupal/core[8.7.0, ..., 8.9.20, 9.0.0, ..., 9.5.8, 10.0.0, ..., 10.0.8].
- drupal/core-recommended 10.0.0 requires drupal/core 10.0.0 -> satisfiable by drupal/core[10.0.0].
- Root composer.json requires drupal/core-recommended ^10 -> satisfiable by drupal/core-recommended[10.0.0, ..., 10.0.8].
Use the option --with-all-dependencies (-W) to allow upgrades, downgrades and removals for packages currently locked to specific versions.
bnctest@dev-bnc4-web1(development):/var/www/html2>
composer.json:
{
"name": "drupal/legacy-project",
"description": "Project template for Drupal 9 projects with composer following drupal/drupal layout",
"type": "project",
"license": "GPL-2.0-or-later",
"homepage": "https://www.drupal.org/project/drupal",
"support": {
"docs": "https://www.drupal.org/docs/user_guide/en/index.html",
"chat": "https://www.drupal.org/node/314178"
},
"repositories": [
{
"type": "composer",
"url": "https://packages.drupal.org/8"
}
],
"require": {
"composer/installers": "^1.9",
"dompdf/dompdf": "^2.0",
"drupal/bootstrap_barrio": "^5.5",
"drupal/core-composer-scaffold": "^10",
"drupal/core-project-message": "^10",
"drupal/core-vendor-hardening": "^10",
"drupal/core-recommended": "^10",
"drupal/ctools": "^3.13",
"drupal/date_popup": "^1.3",
"drupal/entity_reference_views_select": "^1.4",
"drupal/flood_control": "^2.3",
"drupal/password_policy": "^4.0",
"drupal/pdf_generator": "^2.0.5",
"drupal/role_delegation": "^1.2"
},
"conflict": {
"drupal/drupal": "*"
},
"minimum-stability": "stable",
"prefer-stable": true,
"config": {
"sort-packages": true,
"allow-plugins": {
"composer/installers": true,
"drupal/core-composer-scaffold": true,
"drupal/core-project-message": true,
"drupal/core-vendor-hardening": true
}
},
"extra": {
"drupal-scaffold": {
"locations": {
"web-root": "./"
}
},
"installer-paths": {
"core": [
"type:drupal-core"
],
"libraries/{$name}": [
"type:drupal-library"
],
"modules/contrib/{$name}": [
"type:drupal-module"
],
"profiles/contrib/{$name}": [
"type:drupal-profile"
],
"themes/contrib/{$name}": [
"type:drupal-theme"
],
"drush/Commands/contrib/{$name}": [
"type:drupal-drush"
],
"modules/custom/{$name}": [
"type:drupal-custom-module"
],
"profiles/custom/{$name}": [
"type:drupal-custom-profile"
],
"themes/custom/{$name}": [
"type:drupal-custom-theme"
]
},
"drupal-core-project-message": {
"include-keys": [
"homepage",
"support"
],
"post-create-project-cmd-message": [
"<bg=blue;fg=white> </>",
"<bg=blue;fg=white> Congratulations, youβve installed the Drupal codebase </>",
"<bg=blue;fg=white> from the drupal/legacy-project template! </>",
"<bg=blue;fg=white> </>",
"",
"<bg=yellow;fg=black>Next steps</>:",
" * Install the site: https://www.drupal.org/docs/8/install",
" * Read the user guide: https://www.drupal.org/docs/user_guide/en/index.html",
" * Get support: https://www.drupal.org/support",
" * Get involved with the Drupal community:",
" https://www.drupal.org/getting-involved",
" * Remove the plugin that prints this message:",
" composer remove drupal/core-project-message"
]
}
}
}
Can I install Drupal 10 somewhere else and just copy the vendor directory into my docroot directory? (And then fudge around to make sure all my contrib and custom modules are supported)
I removed drush but the other problems remain:
bnctest@dev-bnc4-web1(development):/var/www/html2> composer update
Loading composer repositories with package information
Info from https://repo.packagist.org: #StandWithUkraine
Updating dependencies
Your requirements could not be resolved to an installable set of packages.
Problem 1
- zendframework/zend-feed[2.11.0, ..., 2.12.0] require php ^5.6 || ^7.0 -> your php version (8.1.18) does not satisfy that requirement.
- laminas/laminas-feed[2.12.0, ..., 2.12.3] require php ^5.6 || ^7.0 -> your php version (8.1.18) does not satisfy that requirement.
- symfony-cmf/routing[1.4.0, ..., 1.4.1] require php ^5.3.9|^7.0 -> your php version (8.1.18) does not satisfy that requirement.
- laminas/laminas-feed[2.13.0, ..., 2.14.1] require php ^7.3 || ~8.0.0 -> your php version (8.1.18) does not satisfy that requirement.
- drupal/core[8.9.11, ..., 8.9.20] require php ^7.0.8 -> your php version (8.1.18) does not satisfy that requirement.
- drupal/core[9.0.10, ..., 9.0.14] require php ^7.3 -> your php version (8.1.18) does not satisfy that requirement.
- Root composer.json requires drupal/entity_reference_views_select ^1.4 -> satisfiable by drupal/entity_reference_views_select[1.4.0].
- drupal/core-recommended 10.0.2 requires drupal/core 10.0.2 -> satisfiable by drupal/core[10.0.2].
- Conclusion: don't install drupal/core 10.0.2 (conflict analysis result)
- drupal/core-recommended 10.0.3 requires drupal/core 10.0.3 -> satisfiable by drupal/core[10.0.3].
- Conclusion: don't install drupal/core 10.0.3 (conflict analysis result)
- drupal/core-recommended 10.0.4 requires drupal/core 10.0.4 -> satisfiable by drupal/core[10.0.4].
- Conclusion: don't install drupal/core 10.0.4 (conflict analysis result)
- drupal/core-recommended 10.0.5 requires drupal/core 10.0.5 -> satisfiable by drupal/core[10.0.5].
- Conclusion: don't install drupal/core 10.0.5 (conflict analysis result)
- drupal/core-recommended 10.0.6 requires drupal/core 10.0.6 -> satisfiable by drupal/core[10.0.6].
- Conclusion: don't install drupal/core 10.0.6 (conflict analysis result)
- drupal/core-recommended 10.0.7 requires drupal/core 10.0.7 -> satisfiable by drupal/core[10.0.7].
- Conclusion: don't install drupal/core 10.0.7 (conflict analysis result)
- drupal/core-recommended 10.0.8 requires drupal/core 10.0.8 -> satisfiable by drupal/core[10.0.8].
- Conclusion: don't install drupal/core 10.0.8 (conflict analysis result)
- drupal/core[8.4.0, ..., 8.9.10] require symfony-cmf/routing ^1.4 -> satisfiable by symfony-cmf/routing[1.4.0, 1.4.1].
- drupal/core[8.2.0, ..., 8.3.9] require symfony-cmf/routing ~1.4 -> satisfiable by symfony-cmf/routing[1.4.0, 1.4.1].
- drupal/core[8.8.0, ..., 8.8.12] require zendframework/zend-feed ^2.12 -> satisfiable by laminas/laminas-feed[2.12.0, ..., 2.19.0], zendframework/zend-feed[2.12.0].
- drupal/core-recommended 10.0.1 requires drupal/core 10.0.1 -> satisfiable by drupal/core[10.0.1].
- Conclusion: don't install drupal/core 10.0.1 (conflict analysis result)
- drupal/entity_reference_views_select 1.4.0 requires drupal/core ^8 || ^9 -> satisfiable by drupal/core[8.0.0, ..., 8.9.20, 9.0.0, ..., 9.5.8].
- You can only install one version of a package, so only one of these can be installed: drupal/core[8.0.0, ..., 8.9.20, 9.0.0, ..., 9.5.8, 10.0.0, ..., 10.0.8].
- You can only install one version of a package, so only one of these can be installed: drupal/core[8.1.2, ..., 8.9.20, 9.0.0, ..., 9.5.8, 10.0.0, ..., 10.0.8].
- You can only install one version of a package, so only one of these can be installed: drupal/core[8.1.8, ..., 8.9.20, 9.0.0, ..., 9.5.8, 10.0.0, ..., 10.0.8].
- You can only install one version of a package, so only one of these can be installed: drupal/core[8.7.0, ..., 8.9.20, 9.0.0, ..., 9.5.8, 10.0.0, ..., 10.0.8].
- drupal/core-recommended 10.0.0 requires drupal/core 10.0.0 -> satisfiable by drupal/core[10.0.0].
- Root composer.json requires drupal/core-recommended ^10 -> satisfiable by drupal/core-recommended[10.0.0, ..., 10.0.8].
Are your users using a normal Drupal content type and add/edit page to upload the file or is it from a contrib module or your own custom module? The code could be refusing to upload the file for some reason and not giving you an informative error message. Also if you are using the Apache mod_security module and it is turned on that will override whatever is in the php.ini file or .htaccess file. It might have tighter restrictions on allowable data sizes. But in that case it will report it in the mod_security audit log. If you are using Apache look in the various httpd/logs for errors or other info.