CMS Made Simple Forums

Hi,

One of my clients is constantly receiving an HTTP Error 501 - Not Implemented when trying to submit the form on the admin/editcontent.php page while editing a page of his website. This occurs after he clicks the Submit or the Apply buttons. Therefore it is currently impossible for him to update the website. The client receives the error both on IE7 and FF3.

I am not experiencing this problem when trying to do the same. Everything works flawlessly on my side.

I have never heard of HTTP Error 501 before. I am unsure at what level (client-side, application (CMSMS), file system (permissions), web server, etc.) the error occurs.

The latest version of CMS Made Simple is being used (1.5.3). CMSMS is installed on a web host that I manage (it is not a dedicated server therefore I do not have complete access to the server itself). Web server used is Apache 2.2.8 on Linux. PHP version 5.2.5, MySQL version 5.0.45.

If anyone has a clue how this could be fixed it would be highly appreciated!

Thanks

-4h34d

4h34d wrote: I am not experiencing this problem when trying to do the same. Everything works flawlessly on my side.
..................................
If anyone has a clue how this could be fixed it would be highly appreciated!

If you have not this, probably is your client that has problems.
Has firewall, proxy, whatever that reconnet your client?
Have you check your server error logs (all HTTP error are logged)?

Alby

I've checked the error logs as you've mentioned and effectively there's a line for each of these errors.

[Mon Mar 23 13:04:04 2009] [error] [client ***.***.***.***] ModSecurity: Access denied with code 501 (phase 2). Pattern match "http:\\/\\/[\\w\\.]+?\\/.*?\\.pdf\\b[^\\x0d\\x0a]*#" at ARGS:content_en. [file "/etc/httpd/modsecurity.d/modsecurity_crs_40_generic_attacks.conf"] [line "193"] [id "950018"] [msg "Persistent Universal PDF XSS attack"] [severity "CRITICAL"] [tag "WEB_ATTACK/UPDF_XSS"] [hostname "*******************"] [uri "/admin/editcontent.php"] [unique_id "***********************"]

* client, hostname and unique_id were removed.

I was wrong in the first post, I do get the same error as my client. This happens on pages that link to PDF documents, which I hadn't tested.

So It seems like this has to do with the web server config, right?

Try relaxing mod_security policy on the webserver.

Pierre M.

4h34d wrote: I was wrong in the first post, I do get the same error as my client. This happens on pages that link to PDF documents, which I hadn't tested.

This was important for tracking

4h34d wrote:

[Mon Mar 23 13:04:04 2009] [error] [client ***.***.***.***] ModSecurity: Access denied with code 501 (phase 2). Pattern match "http:\\/\\/[\\w\\.]+?\\/.*?\\.pdf\\b[^\\x0d\\x0a]*#" at ARGS:content_en. [file "/etc/httpd/modsecurity.d/modsecurity_crs_40_generic_attacks.conf"] [line "193"] [id "950018"] [msg "Persistent Universal PDF XSS attack"] [severity "CRITICAL"] [tag "WEB_ATTACK/UPDF_XSS"] [hostname "*******************"] [uri "/admin/editcontent.php"] [unique_id "***********************"]

Send this information to your provider with exact URL send to server (it's a POST but you can retrieve with some addons of FF)

Alby

Thanks for your help!

Problem was indeed server side related. It had to do with the modsecurity module in the web server configuration. An update occured which made the rules more strict and therefore made the CMSms web site unusable. I have contacted my hosting provider and they have fixed it, everything works great now.