API Completely Broken After Update

Richpark

Verified User
Joined
Sep 25, 2014
Messages
55
I'm using the PHP API script, as we have for the last decade. Every single API call now fails with:

400_Bad_Request:_malformed_Host_header

How can you release these breaking changes?! Please advise, this has absolutely crippled our hosting platform. Nothing is working.
 
try add referrer to your api call
or disable referrer check in directadmin.conf

my API is working normally, I don't know how you call api
 
Thanks for trying to help me.

To try and isolate the issue, I've taken the PHP script out of it and I'm just trying to connect via the command line:

curl --request POST --user 'admin:MYPASSWORD' --data 'package=unlimited' -k https://localhost:2222/CMD_API_PACKAGES_USER

This returns the full DA login page HTML, and the header:

[x-directadmin] => Unauthorized

I can use the DA login page, enter the same username and password, and I can log in.

I just don't understand this at all.
 
I just tried the same curl command against one of my own servers, both remotely using the actual hostname, and the server IP, as well as locally on the server using localhost and 127.0.0.1, and all of these four variations give me the package specs.

Run curl with -v to see if there's any hints in the request and/or response headers, and check the Directadmin logs for clues. Perhaps also run the directadmin binary in debug mode.
 
I've resolved the immediate problems.

I use the login_pre.sh script for added security. The getenv('ip'); call for localhost usage now returns '::1' instead of '0:0:0:0:0:0:0:1'. Because the script was checking for the latter, it was refusing authentication. This seems to be an internal DA format change.

The old PHP API script, which uses "fsockopen", fails with the _malformed_Host_header error. I've resolved that by upgrading to the latest script, which uses CURL. Maybe I should have upgraded earlier, but there was no reason to as it worked just fine before this DA update.

My only remaining issue right now is that the CMD_API_POP API call is returning zeros for "usage" and "usage_bytes" instead of the actual usage values.
 
I've fixed the email quota issue by setting this in directadmin.conf:

pop_disk_usage_dovecot_quota=0

If it's set to 1, I get nothing but zeros.

DA shouldn't be forcing breaking changes on existing customers, this is just wrong.
 
I'm using the PHP API script, as we have for the last decade. Every single API call now fails with:

400_Bad_Request:_malformed_Host_header

How can you release these breaking changes?! Please advise, this has absolutely crippled our hosting platform. Nothing is working.
I had the same problem. For all other people, it's mentioned twice in this forum, but I just registered to this forum, for those (like me) who struggled for days to find the reason (and I kept on running in circles between messages: "[400_Bad_Request:_malformed_Host_header]" -> support says "remove SSL". And after removing SSL, I get error message: "DirectAdmin appears to be using SSL. Change your script to connect to ssl://"

SUMMARY
When you get the "400_Bad_Request:_malformed_Host_header" error with the DirectAdmin API, you probably have an outdated httpsocket!
Get a 3.x version of httpsocket at the directadmin server here: http://files1.directadmin.com/services/all/httpsocket/

Fixed the problem for me
 
So basically this has to work?

$sock = new HTTPSocket; if ($server_ssl == 'Y') { $sock->get("ssl://".$server_host.":".$server_port); $sock->set_login($server_login, $server_pass); } else { $sock->get("http://".$server_host.":".$server_port); $sock->set_login($server_login, $server_pass); } $sock->query('/CMD_API_ACCOUNT_USER', array( 'action' => 'create', 'add' => 'Submit', 'username' => $username,
 
@stefantriep
move "set_login" function to run before you "get or query or anything"

old script will need to use 'ssl://'
new script support ''http(s)' already
 
  • Like
Reactions: GHX
Thanks, the following works:
$sock = new HTTPSocket; $sock->connect("ssl://".$server,'2222'); $sock->set_login($server_login, $server_pass); $sock->query('/CMD_API_ACCOUNT_USER', array( 'action' => 'create', 'add' => 'Submit', 'username' => $username,
 
Back
Top