[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Ap[ache "Internal Server Error" on some files

On Mon, 6 Aug 2007, Andy Green wrote:

Starting with FC7, if I type in http://mywebserver.com/sjfdfgsx.conf
or anything that ends in .conf, I get the dreaded "internal server error":

[Sun Aug 05 12:24:57 2007] [error] [client] ModSecurity:
Access denied with code 500 (phase 1). Pattern match


p)|res(?:ources|x)|l(?:icx|nk|og)|\\\\w{,5}~|webinfo|ht[rw]|xs ..." at
REQUEST_BASENAME. [id "960035"] [msg "URL file extension is restricted by
policy"] [severity "CRITICAL"] [hostname "mymachine.com"] [uri
"/wge.conf"] [unique_id "EkHLBIOcCC8AAGU8vbwAAAAd"]

It sounds a pretty cool feature actually, in case someone is trying to
retreive your httpd config files over the webserver itself.  But
mod_security isn't part of the base httpd, you must have installed the
mod_security package.

Yes, by accident. Removing it...

# grep webinfo /etc/httpd/* -R

If you have a look in there, you see this:

# Restrict file extension
# TODO the list of file extensions below are virtually always considered
#      and not in use in any valid program. If your application uses one of
#      these extensions, please remove it from the list of blocked
#      You may need to use ModSecurity Core Rule Set Templates to do so,
#      comment the whole rule.
   "t:urlDecodeUni, t:lowercase, deny,log,auditlog,status:500,msg:'URL
file extension is restricted by policy', severity:'2',id:'960035'"

Don't forget to restart httpd afterwards.

Gets rid of the problem. Thank you!

Gilbert Sebenste                                                     ********
(My opinions only!)                                                  ******

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]