[Mailman-Users] mail from GioMBG > fresh installation of mailman but Internal Server Error (only on edit some users) remain!

Jeffrey Goldberg jeffrey at goldmark.org
Tue Jun 26 20:03:13 CEST 2007

[mailed and posted]

On Jun 26, 2007, at 10:10 AM, Gio MBG Canepa root wrote:

> Hi  Mark!
> ---| Here the apache error Log: |---
> [Tue Jun 26 17:03:00 2007] [error] [client] ModSecurity:  
> Access
> denied with code 500 (phase 1). Pattern match "\\\\.(?:c(?:o(?:nf 
> (?:ig)?|m)|
> s(?:proj|r)?|dx|er|fg|md)|p(?:rinter|ass|db|ol|wd)|v(?:b(?:proj|s)?| 
> sdisco)|
> a(?:s(?:ax?|cx)|xd)|s(?:html?|ql|tm|ys)|d(?:bf?|at|ll|os)|i(?:d 
> [acq]|n[ci])|
> ba(?:[kt]|ckup)|res(?:ources|x)|l(?:icx|nk|og)|\\\\w{,5}~|webinfo|ht 
> [rw]|
> xs ..." at REQUEST_BASENAME. [id "960035"] [msg "URL file extension is
> restricted by policy"] [severity "CRITICAL"] [hostname "home. 
> 9records.com"]
> [uri "/mailman/options/mailman/alexkenji--at--alexkenji.com"]

That answers the question.  Your apache add-on of mod_security is not  
allowing access to any URI ending with ".com".

You may wish to disable mod_security for the mailman directory.  I  
don't know how to do that, having never used mod_security (which  
isn't part of the normal apache distribution).

Looking at the documentation at


it looks like setting

   SecRuleEngine off

within the appropriate <Location> or <VirtualHost>  of your apache
configuration should solve the problem.

But keep in mind that this is the first time I've ever looked at  
mod_security, so don't put a great deal of trust in my suggestion.


Jeffrey Goldberg                        http://www.goldmark.org/jeff/

More information about the Mailman-Users mailing list