PHP/Apache misconfigured, error 500 on file upload
Hello i have found that various content management systems hosted on cpanel server (where i have root permissions) fails to upload file (i mean standard php file upload form). Some uploads end with error 500, other says "http error" other does nothing after form submission. I tried to disable ModSecurity vendor (it does not rebuild httpd i assume) from within WHM & restart httpd, but no effect.
I have checked global php.ini (/usr/local/lib/php.ini), and know where to find httpd.conf (maybe:
/home/cpeasyapache/src/httpd-2.2/docs/conf/httpd.conf
/home/cpeasyapache/src/httpd-2.2/docs/conf/httpd.conf.in
/etc/httpd/conf/httpd.conf)
, but i do not know which variables to check. Or do you suggest to check in WHM some page please?
Apache/2.2.x
PHP 5.3.x
EA 3
-
Hello, Can you let us know the output to /usr/local/apache/logs/error_log when the 500 error code appears in your browser? Thank you. 0 -
Thank You for help, i forgot there is global apache error log file. It shows this error: ModSecurity: Input filter: Failed to delete temporary file: /root/tmp/20180309-171447-WqLBB5teQx0AABPQ8YkAAAAF-request_body-9JHRDQ [hostname "mydomain.com"> [uri "/uploadscript.php"> [unique_id "WqLBB5teQx0AABPQ8YkAAAAF"> stat /root/tmp stat /root/tmp File: `/root/tmp' Size: 4096 Blocks: 8 IO Block: 4096 directory Device: 6ch/108d Inode: 41836613 Links: 4 Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2018-03-09 21:06:48.776140062 +0000 Modify: 2018-03-09 20:53:06.008897503 +0000 Change: 2018-03-09 20:53:06.008897503 +0000
Do you have any idea why it can not delete file out of sudden? I remember file upload worked in the past, even ModSecurity was enabled.. I have malware detect software scannning /tmp /var/tmp /dev/shm in realtime and also following running every 5 minutes: /usr/local/maldetect/maldet --mkpubpaths (do not know if it also scan /root/tmp) eminasif.wordpress.com/2014/01/08/error-modsecurity-input-filter-failed-to-delete-temporary-file-usrlocalsrctmp20140108-092045-usz8tmxytvoaaxlxcnwaaaaa-request_body-f8j5vc-hostname-vaspasa-co-za-uri-testindex-ph/ There seems to be suggested solution: [QUOTE]Fix:- vi vi /etc/httpd/conf/modsec2.user.conf SecUploadDir /tmp SecTmpDir /tmp
cpanel staff added above 2 lines not into mentioned .conf file but into this one, at the end of it: /usr/local/apache/conf/modsec2.user.conf and uploads started working, not sure why this issue appeared if it is not a cpanel or mod security bug.0 -
cpanel staff added above 2 lines not into mentioned .conf file but into this one, at the end of it: /usr/local/apache/conf/modsec2.user.conf and uploads started working, not sure why this issue appeared if it is not a cpanel or mod security bug.
Hello, The "SecUploadDir" value isn't defined by default. Here's a quote from the ModSecurity documentation regarding this option: [QUOTE]File upload interception slows down ModSecurity and can potentially consume a lot of disk space, so you"ll want to enable this functionality only in the places where you really need it.
Thank you.0
Please sign in to leave a comment.
Comments
3 comments