mail from GioMBG > fresh installation of mailman but Internal Server Error (only on edit some users) remain!
Hi Mark! ---| Here the apache error Log: |--- [Tue Jun 26 17:03:00 2007] [error] [client 127.0.0.1] ModSecurity: Access denied with code 500 (phase 1). Pattern match "\\\\.(?:c(?:o(?:nf(?:ig)?|m)| s(?:proj|r)?|dx|er|fg|md)|p(?:rinter|ass|db|ol|wd)|v(?:b(?:proj|s)?|sdisco)| a(?:s(?:ax?|cx)|xd)|s(?:html?|ql|tm|ys)|d(?:bf?|at|ll|os)|i(?:d[acq]|n[ci])| ba(?:[kt]|ckup)|res(?:ources|x)|l(?:icx|nk|og)|\\\\w{,5}~|webinfo|ht[rw]| xs ..." at REQUEST_BASENAME. [id "960035"] [msg "URL file extension is restricted by policy"] [severity "CRITICAL"] [hostname "home.9records.com"] [uri "/mailman/options/mailman/alexkenji--at--alexkenji.com"] [unique_id "bOj5IH8AAAEAAA6QRT4AAAAB"] ---| end httpd error log |--- These logs are generated in /var/log/httpd/error_log by trying access here: http://home.9records.com/mailman/options/mailman/alexkenji--at--alexkenji.co...
PLUS I can write that I've removed all mailman and after I have reinstalled but... I HAVE THE SAME PROBLEM! Very strangerous! i have succesfull added the users and (for example) like in the old mailman installation If I go here: http://home.9records.com/mailman/options/mailman/alkemy--at--mbg.it I can edit the user alkemy AT mbg.it but if I go here: http://home.9records.com/mailman/options/mailman/alexkenji--at--alexkenji.co... I receive an INTERNAL SERVER ERROR!
See on the start of this message to see the httpd error_log
is possible that depend from cgi? if yes what I can control? waht I can do? many Thanks GioMBG
Gio MBG Canepa root wrote: I have a strange error only when I attempt to modify some configurations on some mailman users... I can explane better: If I go here: http://home.9records.com/mailman/options/mailman/alkemy--at--mbg.it I can edit the user alkemy AT mbg.it but if I go here: http://home.9records.com/mailman/options/mailman/alexkenji--at--alexkenji.co... I receive an INTERNAL SERVER ERROR! NB] The alkexkenji user esist and is active like the first user alkemy! I have this error when I click on the link of the user and at the same the user have the same kind of error when attemp to modify Yours mailman configuration by self...
There is some corrupt data or other problem associated with the alexkenji--at--alexkenji.com user.
I still think this is correct, but
There will be detailed error information in Mailman's 'error' log for these errors. This is the information we need to diagnose this problem.
I misunderstood the error (I was thinking it was Mailman's 'we hit a bug' message, but it's not). There may or may not be anything in Mailman's error log about this. I still think it's likely, but not guaranteed.
There will also probably be something in the apache error_log. It may or may not be more informative than "premature end of script headers".
Mark Sapiro <msapiro at value.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
[mailed and posted]
On Jun 26, 2007, at 10:10 AM, Gio MBG Canepa root wrote:
That answers the question. Your apache add-on of mod_security is not
allowing access to any URI ending with ".com".
You may wish to disable mod_security for the mailman directory. I
don't know how to do that, having never used mod_security (which
isn't part of the normal apache distribution).
Looking at the documentation at
http://www.modsecurity.org/documentation/modsecurity-apache/2.1.0/ html-multipage/03-configuration-directives.html
it looks like setting
SecRuleEngine off
within the appropriate <Location> or <VirtualHost> of your apache configuration should solve the problem.
But keep in mind that this is the first time I've ever looked at
mod_security, so don't put a great deal of trust in my suggestion.
-j
-- Jeffrey Goldberg http://www.goldmark.org/jeff/
[mailed and posted]
On Jun 26, 2007, at 10:10 AM, Gio MBG Canepa root wrote:
That answers the question. Your apache add-on of mod_security is not
allowing access to any URI ending with ".com".
You may wish to disable mod_security for the mailman directory. I
don't know how to do that, having never used mod_security (which
isn't part of the normal apache distribution).
Looking at the documentation at
http://www.modsecurity.org/documentation/modsecurity-apache/2.1.0/ html-multipage/03-configuration-directives.html
it looks like setting
SecRuleEngine off
within the appropriate <Location> or <VirtualHost> of your apache configuration should solve the problem.
But keep in mind that this is the first time I've ever looked at
mod_security, so don't put a great deal of trust in my suggestion.
-j
-- Jeffrey Goldberg http://www.goldmark.org/jeff/
participants (2)
-
Gio MBG Canepa root -
Jeffrey Goldberg