
[SOLVED] 500 error, but Sometimes yes sometimes no

Posted: Tue May 26, 2015 7:45 pm
by Sakrow
It's a little hard to explain, and harder to understand.

I have 4 templates. If I modify one of these templates with some HTML code:

Code:

{content}
<html>

I have a 500 error that says:

Forbidden

You don't have permission to access /domain/admin/edittemplate.php on this server.

Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.

But this:

Code:

{content}

shows no error.

I do not understand because it has happened to me recently.

The rest of system works correctly.

The last changes are:

.- add Admin IP Lock module.
.- change the "admin" folder name

But on other systems it works well.

I reviewed the file permissions and all ok.

I do not know what else to do; for now I'm changing the templates directly in the database.

EDIT

Doing more tests:

If I write:

Code:

{strip}
{content assign='main'}
{assign var="indent" value=""}
<!DOCTYPE html>
<html lang="es-ES">

the CMS reports one jQuery error:
"NetworkError: 403 Forbidden - http://domain/admin/edittemplate.php?_s ... late_id=30"
edittem...e_id=30

Syntax error


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
If I don't write

Code:

<!DOCTYPE html>
<html lang="es-ES">

the error does not appear.

Server: Linux, Apache
Cms Version: 1.11.13

Installed Modules:

CMSMailer: 5.2.2
CMSPrinting: 1.0.5
FileManager: 1.4.5
MenuManager: 1.8.6
MicroTiny: 1.2.9
ModuleManager: 1.5.8
News: 2.15.1
Search: 1.7.12
ThemeManager: 1.1.8
TinyMCE: 2.9.12
ListIt2: 1.4.1
CGSimpleSmarty: 1.7.4
ListIt2XLink: 1.01
ListIt2XDefs: 1.2
ListIt2Slider: 1.4.1
FormBuilder: 0.8.1.1
GBFilePicker: 1.3.3
ListIt2maquinas: 1.4.1
ListIt2piezas: 1.4.1
ListIt2Portada: 1.4.1
Gallery: 2.0.2
ListIt2listadoPDFs: 1.4.1
ListIt2certificados: 1.4.1
SEOTools2: 1.2.1
ListIt2ferias: 1.4.1
ListIt2centrosdeproduccion: 1.4.1
AdminIPLock: 1.0


Config Information:

php_memory_limit:
process_whole_template:
max_upload_size: 200000000
url_rewriting: mod_rewrite
page_extension: /
query_var: page
image_manipulation_prog: GD
auto_alias_content: true
locale:
default_encoding: utf-8
admin_encoding: utf-8
set_names: true


Php Information:

phpversion: 5.3.10-1ubuntu3.18
md5_function: Encendido (Verdadero)
gd_version: 2
tempnam_function: Encendido (Verdadero)
magic_quotes_runtime: Apagado (Falso)
E_STRICT: 0
E_DEPRECATED: 8192
memory_limit: 128M
max_execution_time: 30
output_buffering: 4096
safe_mode: Apagado (Falso)
file_uploads: Encendido (Verdadero)
post_max_size: 200M
upload_max_filesize: 200M
session_save_path: /tmp (1777)
session_use_cookies: Encendido (Verdadero)
xml_function: Encendido (Verdadero)
xmlreader_class: Encendido (Verdadero)


Server Information:

Server Api: apache2handler
Server Db Type: MySQL (mysqli)
Server Db Version: 5.5.43

Re: 500 error, but Sometimes yes sometimes no

Posted: Tue May 26, 2015 8:02 pm
by calguy1000
This smells to me like a mod_security issue (500 and 403 errors)

Check your error logs first though in case I am wrong.

Ask your host to disable it for your site at least temporarily so that you can isolate the issue.

Re: 500 error, but Sometimes yes sometimes no

Posted: Tue May 26, 2015 8:14 pm
by Sakrow
calguy1000 wrote: This smells to me like a mod_security issue (500 and 403 errors)

Check your error logs first though in case I am wrong.

Ask your host to disable it for your site at least temporarily so that you can isolate the issue.

Thx! My hosting provider says that the error occurs because CMS Made Simple redirects the same URL more than 10 times.

This is my .htaccess

Code:

# BEGIN Optional settings

# Turns off directory browsing
# not absolutely essential, but keeps people from snooping around without 
# needing empty index.html files everywhere
Options -Indexes
#php_value session.cookie_httponly true

# Deny access to config.php
# This can be useful if php ever breaks or dies
# Use with caution, this may break other functions of CMSms that use a config.php
# file.  This may also break other programs you have running under your CMSms
# install that use config.php.  You may need to add another .htaccess file to those
# directories to specifically allow config.php.
<Files "config.php">
order allow,deny
deny from all
</Files>

# Sets your 403 error document
# not absolutely essential to have, 
# or you may already have error pages defined elsewhere
#ErrorDocument 403 /forbidden403.shtml

# No sense advertising what we are running
ServerSignature Off

# END Optional Settings

# BEGIN CMSMS and Rewrite Rules
# Make sure you have Options FollowSymLinks
# and Allow on

RewriteEngine On

# Might be needed in a subdirectory
RewriteBase /

# URL Filtering helps stop some hack attempts
#IF the URI contains a "http:"
RewriteCond %{QUERY_STRING} http\: [OR]
#OR if the URI contains a "["
RewriteCond %{QUERY_STRING} \[ [OR]
#OR if the URI contains a "]"
RewriteCond %{QUERY_STRING} \] [OR]
#OR if the URI contains a "<script>"
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
#OR script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
#OR any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) 
RewriteRule ^.*$ - [F,L] 
# END Filtering

# CMSMS Rewriting
# Set assume mod_rewrite to true in config.php and clear CMSMS cache
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ index.php?page=$1 [QSA]
# END CMSMS

But why now? This did not happen before.

EDIT

And why only when I write the <html> tag?

Re: 500 error, but Sometimes yes sometimes no

Posted: Tue May 26, 2015 8:55 pm
by calguy1000
Though I don't see anything specifically wrong in the .htaccess stuff, you never know.

Remember that when using mod_rewrite if a POST request (form submission) matches any of the rules, and a rewrite is forced the request becomes a GET.

So I would try removing ALL of your custom rules temporarily and then see if the error persists. If it does not, then you know where the problem lies.

Re: 500 error, but Sometimes yes sometimes no

Posted: Tue May 26, 2015 9:03 pm
by Sakrow
All of the filters are deleted and the error occurs.

The .htaccess now is:

Code:

Options -Indexes
ServerSignature Off

<Files "config.php">
order allow,deny
deny from all
</Files>

RewriteEngine On

# Might be needed in a subdirectory
#RewriteBase /

# CMSMS Rewriting
# Set assume mod_rewrite to true in config.php and clear CMSMS cache
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ index.php?page=$1 [QSA]
# END CMSMS

# END Rewrite rules

Can I prove something?

Re: 500 error, but Sometimes yes sometimes no

Posted: Tue May 26, 2015 9:13 pm
by Rolf
Clear cache...

Re: 500 error, but Sometimes yes sometimes no

Posted: Tue May 26, 2015 9:45 pm
by Sakrow
Rolf wrote: Clear cache...

When I change the .htaccess I do:

.- clear cache
.- repair tables
.- optimize tables
.- ...

All "site->system maintenance"

Nothing works

EDIT

It does not only occur in templates, but everywhere I have a <meta> tag or <html> tag: SEOTools2, CGBs... If I use WYSIWYG everything is OK.

Re: 500 error, but Sometimes yes sometimes no

Posted: Wed Jun 24, 2015 8:44 pm
by Dr.CSS
It looks like you are trying to put the {content} tag above the <__html> tag which in my opinion is a no no...

Re: 500 error, but Sometimes yes sometimes no

Posted: Wed Jun 24, 2015 9:25 pm
by JohnnyB
@Sakrow - The .htaccess mod rewrite rules don't affect the backend URLs pattern. So, to me, it doesn't look like a mod rewrite issue in the htaccess file.
But, it could be mod security. Ask your host how to disable mod_sec for your admin directory using htaccess or by a server option. Depending upon your server versioning, you might be able to try

Code:

<IfModule mod_security.c>
  SecFilterEngine Off
  SecFilterScanPOST Off
</IfModule>

If it is not a mod sec issue, there could be file or directory permission and ownership/group assignments that are incorrect. You might ask your host to verify that they are set correctly (recursively).

[RESOLVE] Re: 500 error, but Sometimes yes sometimes no

Posted: Thu Jun 25, 2015 8:47 am
by Sakrow
JohnnyB wrote: @Sakrow - The .htaccess mod rewrite rules don't affect the backend URLs pattern. So, to me, it doesn't look like a mod rewrite issue in the htaccess file.
But, it could be mod security. Ask your host how to disable mod_sec for your admin directory using htaccess or by a server option. Depending upon your server versioning, you might be able to try

Code:

<IfModule mod_security.c>
  SecFilterEngine Off
  SecFilterScanPOST Off
</IfModule>

If it is not a mod sec issue, there could be file or directory permission and ownership/group assignments that are incorrect. You might ask your host to verify that they are set correctly (recursively).

Thank you! I wrote to my hosting provider. They changed their modsecurity module, now I can do all.
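
The advice earlier in the thread to check the error logs before disabling mod_security, as an added example that is not part of the original thread: it pulls the blocking rule id, URI and matched variable out of ModSecurity 2.x style Apache error-log lines and drafts an exclusion scoped to that one URI and rule. The log lines, the rule ids 999001/999002, the `ARGS:content` target and `/admin/hypothetical.php` are constructed placeholders, and the use of `SecRuleRemoveById` inside `<LocationMatch>` assumes the host runs ModSecurity 2.x.

```python
import re
from collections import defaultdict

# Constructed error-log lines in the format ModSecurity 2.x writes to the
# Apache error log. Rule ids, addresses and messages are placeholders.
SAMPLE_LOG = r'''
[Tue May 26 19:45:01 2015] [error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<html" at ARGS:content. [file "/etc/modsecurity/example.conf"] [line "12"] [id "999001"] [msg "Constructed: HTML tag in POST body"] [hostname "domain"] [uri "/admin/edittemplate.php"] [unique_id "AAAAAAAA"]
[Tue May 26 19:45:02 2015] [error] [client 203.0.113.7] File does not exist: /var/www/favicon.ico
[Tue May 26 19:46:10 2015] [error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<html" at ARGS:content. [file "/etc/modsecurity/example.conf"] [line "12"] [id "999001"] [msg "Constructed: HTML tag in POST body"] [hostname "domain"] [uri "/admin/edittemplate.php"] [unique_id "BBBBBBBB"]
[Tue May 26 19:50:33 2015] [error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<meta" at ARGS:metadata. [file "/etc/modsecurity/example.conf"] [line "19"] [id "999002"] [msg "Constructed: meta tag in POST body"] [hostname "domain"] [uri "/admin/hypothetical.php"] [unique_id "CCCCCCCC"]
'''

DENIED = re.compile(r'ModSecurity: Access denied with code (\d+)')
TARGET = re.compile(r' at ([A-Z_]+(?::[\w-]+)?)\.')
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

def parse_denials(log_text):
    """Return one dict per request that ModSecurity blocked."""
    hits = []
    for line in log_text.splitlines():
        denied = DENIED.search(line)
        if not denied:
            continue  # ordinary Apache errors are not WAF blocks
        fields = dict(FIELD.findall(line))
        target = TARGET.search(line)
        hits.append({
            "status": int(denied.group(1)),
            "rule_id": fields.get("id"),
            "uri": fields.get("uri"),
            "target": target.group(1) if target else None,
        })
    return hits

def rules_by_uri(hits):
    """Group blocking rule ids by URI: the input for a scoped exclusion."""
    grouped = defaultdict(set)
    for hit in hits:
        grouped[hit["uri"]].add(hit["rule_id"])
    return {uri: sorted(ids) for uri, ids in grouped.items()}

def exclusion_stanza(uri, rule_ids):
    """Draft an exclusion for one URI and the listed rules, for the host to review."""
    removals = "\n".join(f"  SecRuleRemoveById {rid}" for rid in rule_ids)
    return f'<LocationMatch "^{re.escape(uri)}$">\n{removals}\n</LocationMatch>'

if __name__ == "__main__":
    for uri, ids in rules_by_uri(parse_denials(SAMPLE_LOG)).items():
        print(exclusion_stanza(uri, ids))
```

Handing the host the rule id and URI lets them exempt only the template editor from the one rule that misfires, so the rest of the admin area stays filtered.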