The words 'Choose from' seem to be the problematic word combination, as I can insert 'all objects or those associated with a given domain' without creating the error.Choose from all objects or those associated with a given domain.
Any Ideas?
500 Internal Server Errors
Re: 500 Internal Server Errors
Inserting this phrase in any page or news item is causing a 500 internal server error on all of the website I manage. Thsi happens with or without the WYSIWYG editor on. Some sites have Pretty URL's on some don't. All sites are at 1.0.2 running on BSD Apache MySql PHP 4.4.4
Any Ideas?
Any Ideas?
Greg
Re: 500 Internal Server Errors
The server error log shows the following
Anyone have any suggestions as I have no idea what this information is telling me.[Mon Jan 15 19:06:41 2007] [error] [client 71.17.123.189] mod_security: Access denied with code 500. Pattern match "(insert[[:space:]] into. values|select.*from. [a-z|A-Z|0-9]|select. from|bulk[[:space:]] insert|union. select|convert. \\\\(.*from)" at POST_PAYLOAD [id "300016"][rev "2"] [msg "Generic SQL injection protection"] [severity "CRITICAL"] [hostname "www.gregbloor.com"] [uri "/admin/editcontent.php?content_id=18&page="]
[Mon Jan 15 19:07:20 2007] [error] [client 71.17.123.189] mod_security: Access denied with code 500. Pattern match "(insert[[:space:]] into. values|select.*from. [a-z|A-Z|0-9]|select. from|bulk[[:space:]] insert|union. select|convert. \\\\(.*from)" at POST_PAYLOAD [id "300016"][rev "2"] [msg "Generic SQL injection protection"] [severity "CRITICAL"] [hostname "www.gregbloor.com"] [uri "/admin/editcontent.php?content_id=18&page="]
[Mon Jan 15 19:07:30 2007] [error] [client 71.17.123.189] mod_security: Access denied with code 500. Pattern match "(insert[[:space:]] into. values|select.*from. [a-z|A-Z|0-9]|select. from|bulk[[:space:]] insert|union. select|convert. \\\\(.*from)" at POST_PAYLOAD [id "300016"][rev "2"] [msg "Generic SQL injection protection"] [severity "CRITICAL"] [hostname "www.gregbloor.com"] [uri "/admin/editcontent.php?content_id=18&page="]
Greg
Re: 500 Internal Server Errors
Seems to be a problem with editcontent.php.
I created a new page - no problem.
Edited the page to add some content and got the Internal Server Error.
Deleted the page.
Created a new page with the original information AND the information I tried to add using edit page - NO internal server error.
Help - I cannot edit any existing pages?
I created a new page - no problem.
Edited the page to add some content and got the Internal Server Error.
Deleted the page.
Created a new page with the original information AND the information I tried to add using edit page - NO internal server error.
Help - I cannot edit any existing pages?
Greg
Re: 500 Internal Server Errors
Why would editcontent.php produce this problem and addcontent.php does not?
Looks like I am talking to myself.
could this be part of the answer http://wiki.e107.org/?title=Security:mod_security
Looks like I am talking to myself.
could this be part of the answer http://wiki.e107.org/?title=Security:mod_security
Last edited by Greg on Thu Jan 18, 2007 1:14 am, edited 1 time in total.
Greg
-
Pierre M.
Re: 500 Internal Server Errors
Your hosting provider seems to use the webserver module "mod_security" which is denying your software (CMSms) to work as expected. May be you should inform your supplier and ask him to tune its security module accordingly.Greg wrote: The server error log shows the followingAnyone have any suggestions as I have no idea what this information is telling me.[Mon Jan 15 19:06:41 2007] [error] [client x.y.z.t] mod_security: Access denied...
PM
Re: 500 Internal Server Errors
Thanks Pierre - I contacted my hosting service and they changed the configuration of mod_security.
All is working again!
All is working again!
Greg
-
WebGirl
Re: 500 Internal Server Errors
I had a similar problem, and after 5 days of stress and drama, I finally discovered that the CHMOD of 777 needed to be changed to 755.
Hope this helps someone else!
Hope this helps someone else!
