500 errors

jennix · Post by **jennix** » Thu Feb 04, 2010 5:18 pm

i've tried on every joomla installation i have. I cannot post this text to ANY joomla installation. I'm about to shoot myself. I'm having this problem with every joomla instll i have. Is Joomla broken?

WHAT IS THE [removed - even semi-disguised bad language is not allowed in the forums] PROBLEM HERE?!?!?!?!?!?\

<h3>Enable Authentication in Vista Home Edition</h3>
Start the Registry Editor by selecting Start, All Programs, Accessories, Run. 
In the ‘Open’ field of the Run dialog box, type regedit and click the ‘OK’ button. 
The User Account Control system will ask for permission to continue. Click the ‘Continue’ button.

In the Registry window, expand the following: 
HKEY_LOCAL_MACHINE 
SYSTEM 
CurrentControlSet 
Control 
Lsa

In the ‘Value’ pane of the Registry Editor, check to see if the following DWORD exists: lmcompatibilitylevel. If it does, perform the following: 
Right-click lmcompatibilitylevel and select ‘Modify’ from the pop-up menu. 
Enter a Value data of 1. 
Click the ‘OK’ button

If the lmcompatibilitylevel DWORD does not exist, create a new DWORD. 
From the Registry Editor menu, select Edit, New, DWORD (32-bit) Value. 
A new DWORD called ‘New Value #1’ will be created. 
Rename the new DWORD to lmcompatibilitylevel. 
Right-click lmcompatibilitylevel and select ‘Modify’ from the pop-up menu. 
Enter a Value data of 1. 
Click the ‘OK’ button.

dhuelsmann · Post by **dhuelsmann** » Thu Feb 04, 2010 5:37 pm

http://docs.joomla.org/Why_does_some_HT ... n_1.5.8%3F

jennix · Post by **jennix** » Thu Feb 04, 2010 5:46 pm

i'm not sure what your link is supposed to help with there dhuelsmann, but this is a 500 error issue, on random postings, for no apparent reason. The site only has one user the super-admin who cannot post this quoted text.

jennix · Post by **jennix** » Thu Feb 04, 2010 5:49 pm

here's an interesting thing. after i past the information into the add article dialog, i get the 500 error, even if i click "cancel" instead of save or apply.

dhuelsmann · Post by **dhuelsmann** » Thu Feb 04, 2010 6:07 pm

jennix wrote:i'm not sure what your link is supposed to help with there dhuelsmann, but this is a 500 error issue, on random postings, for no apparent reason. The site only has one user the super-admin who cannot post this quoted text.

You know, I completely missed that you meant you were getting an HTTP Error 500 since the title seem to be about 500 errors and no where in your post body did you mention anything but how many times you couldn't post that text. Sorry about that. Try changing editors and/or templates.

jennix · Post by **jennix** » Thu Feb 04, 2010 6:16 pm

... turns out it's an obscure mod_security problem in Apache. In my case a rule was just stiff-arming me.

I had to whitelist my IP on a specific rule in mod_security, and i'll have to do it again when my ISP changes my IP.

#$%^&*()_)(*&^%$#@@!!!!!!!! <-- well disguised cursing, and i don't care if you like it or not

jennix · Post by **jennix** » Thu Feb 04, 2010 6:27 pm

Here is the exact URI that the /usr/local/apache/conf/modsec.user.conf line
that i was hitting:

#Generic SQL sigs SecRule REQUEST_URI
"!(/node/[0-9]+/edit|/forum/posting\.php|/admins/wnedit\.php|/alt_doc\.php\?returnUrl=.*edit|/admin/categories\.php\?cPath=.*|modules\.php\?name=Forums&file=posting&mode=.*)"
"chain,id:300016,rev:2,severity:2,msg:'Generic SQL injection
protection'"

SecRule ARGS
"(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\(.*from)"

The procedure for whitelisting this specific rule is as follows:

1) Open up /usr/local/apache/conf/modsec2/whitelist.conf with a text editor
2) Add the following to the file:

<LocationMatch "/administrator/index.php">
SecRuleRemoveById 300016
</LocationMatch>

3) Restart Apache

Now if I only knew WTF this stupid rule was choking on, maybe i could figure out how to fix it.

epro · Post by **epro** » Mon Apr 19, 2010 4:18 am

Hi All

I get about the same error.

Here is the error I am seeing :

[Sun Apr 18 21:34:19 2010] [error] [client 99.90.77.40] ModSecurity:
Access denied with code 500 (phase 2). Pattern match
"(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\(.*from)"
at ARGS:text. [file "/usr/local/apache/conf/modsec2.user.conf"] [line
"355"] [id "300016"] [rev "2"] [msg "Generic SQL injection protection"]
[severity "CRITICAL"] [hostname "freedomreporter.com"] [uri
"/administrator/index.php"] [unique_id "S8uzG0PhuxAAAE71AYsBBBAK"]

It looks like the article I'm posting is being recognized as a
php-MySQL injection - any ideas?

Thanks
epro

skate323k137 · Post by **skate323k137** » Thu May 20, 2010 1:01 am

I work for a major web hosting company that hosts tons of joomla, drupal, and wordpress sites. ALL of these CMS'es will trip SQL injection rules in mod_security2. If you get random 500 errors, They're almost always from modsec rule ID 300013 through 300017 (cpanel world anyway).

The above poster was dead on using the locationmatch syntax in the whitelist.conf file. I do this dozens of times a day to "fix" joomla, drupal, and wordpress installs.

These modsec filter(s) deny posts containing words like "DROP, SELECT, GRANT" etc (mysql commands). I'm not sure if there's anything the dev's of these CMS'es could do to avoid this. I usually use the same rule (locationmatch for administrator/index.php for the rule ID in the apache error log) or for wordpress sites, I use something like this:

<locationmatch "/wp-admin/*">
SecRuleRemoveById 300013 300014 300015 300016 300017
</locationmatch>

If you get a 500 error when posting, and don't know how to check the apache log, CALL YOUR HOST. It will take an experienced sysadmin all of five minutes to find the 500 error(s) to your IP, and they'll be verbosely logged. The above syntax can just have the URI and rule ID(s) modified.

The worst you can be looking at is a flash uploader which may not have a rule ID to begin with. Adding a rule ID to it in modsec2.user.conf is easy, just add the "id:1000001" to the end of the line like this:

SecRule HTTP_User-Agent "^Shockwave Flash" "id:1000001"

Then add that ID number to the list in your locationmatch syntax in whitelist.conf. Happy posting!

cammrook · Post by **cammrook** » Tue Mar 08, 2011 1:53 am

After a bit of searching I fournd the following solution which worked for me:

The solution to the INTERNAL SERVER ERROR problem is uncommenting the following line in .htaccess (or in htaccess.txt if you didn’t already rename it).

# RewriteBase /

You must remove the # , thus having in your .htaccess

RewriteBase /

greeshma · Post by **greeshma** » Mon Feb 18, 2013 10:27 am

I also have the same issue on my site backend...Finally i solved it...
Add these lines to /etc/httpd/conf.d/mod_secuirity.conf

<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>

save it...and restart apache...it works fine for me.
Adding these lines disable mod_secuirity engine off.I don't know if it causes secuirity problems in future..
Tnx all...

skate323k137 · Post by **skate323k137** » Mon Feb 18, 2013 5:33 pm

While this will technically "work," It's not a good idea. Don't disable mod_securty for your entire webserver. The apache error_log or the modsec audit_log or debug_log should clearly show the URL and rule ID causing an error. You should easily be able to either comment out the rule(s) causing you problems, or make site-specific exclusions.

The Joomla! Forum™

500 errors

500 errors

Re: 500 errors

Re: 500 errors

Re: 500 errors

Re: 500 errors

Re: 500 errors

Re: 500 errors

Re: 500 errors

Re: 500 errors

Re: 500 errors

Re: 500 errors

Re: 500 errors