Re: Ap[ache "Internal Server Error" on some files

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, 6 Aug 2007, Andy Green wrote:


Starting with FC7, if I type in http://mywebserver.com/sjfdfgsx.conf
or anything that ends in .conf, I get the dreaded "internal server error":

[Sun Aug 05 12:24:57 2007] [error] [client 131.156.129.66] ModSecurity:
Access denied with code 500 (phase 1). Pattern match
"\\\\.(?:c(?:o(?:nf(?:ig)?|m)|s(?:p
roj|r)?|dx|er|fg|md)|p(?:rinter|ass|db|ol|wd)|v(?:b(?:proj|s)?|sdisco)|a(?:s(?:a

x?|cx)|xd)|s(?:html?|ql|tm|ys)|d(?:bf?|at|ll|os)|i(?:d[acq]|n[ci])|ba(?:[kt]|cku

p)|res(?:ources|x)|l(?:icx|nk|og)|\\\\w{,5}~|webinfo|ht[rw]|xs ..." at
REQUEST_BASENAME. [id "960035"] [msg "URL file extension is restricted by
policy"] [severity "CRITICAL"] [hostname "mymachine.com"] [uri
"/wge.conf"] [unique_id "EkHLBIOcCC8AAGU8vbwAAAAd"]


It sounds a pretty cool feature actually, in case someone is trying to
retreive your httpd config files over the webserver itself.  But
mod_security isn't part of the base httpd, you must have installed the
mod_security package.


Yes, by accident. Removing it...


# grep webinfo /etc/httpd/* -R
/etc/httpd/modsecurity.d/modsecurity_crs_30_http_policy.conf:SecRule
REQUEST_BA...

If you have a look in there, you see this:

# Restrict file extension
#
# TODO the list of file extensions below are virtually always considered
unsafe
#      and not in use in any valid program. If your application uses one of
#      these extensions, please remove it from the list of blocked
extensions.
#      You may need to use ModSecurity Core Rule Set Templates to do so,
otherwise
#      comment the whole rule.
#
SecRule REQUEST_BASENAME
"\.(?:c(?:o(?:nf(?:ig)?|m)|s(?:proj|r)?|dx|er|fg|md)|p(?:rinter|ass|db|ol|wd)|v(?:b(?:proj|s)?|sdisco)|a(?:s(?:ax?|cx)|xd)|s(?:html?|ql|tm|ys)|d(?:bf?|at|ll|os)|i(?:d[acq]|n[ci])|ba(?:[kt]|ckup)|res(?:ources|x)|l(?:icx|nk|og)|\w{,5}~|webinfo|ht[rw]|xs[dx]|exe|key|mdb|old)$"
\
   "t:urlDecodeUni, t:lowercase, deny,log,auditlog,status:500,msg:'URL
file extension is restricted by policy', severity:'2',id:'960035'"


Don't forget to restart httpd afterwards.


Gets rid of the problem. Thank you!

*******************************************************************************
Gilbert Sebenste                                                     ********
(My opinions only!)                                                  ******
*******************************************************************************

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux