Skip to main content

Moved Host, Strange SSI Error [Solved]

Comments

3 comments

  • Andy Baugh cPanel Staff

    While I can't say for sure, this sounds a lot like the issue described here:

    https://stackoverflow.com/questions/42382801/unable-to-include-potential-exec

    You say you don't have access to WHM, so it could be something the hosting provider needs to update in their apache config if they have 

    IncludesNoExec

    as an option somewhere in their config which impacts the directory you are executing from?

    1
  • Bill S

    Thank you Andy Baugh,

    You say you don't have access to WHM

    Yes, I do,

    I do have access to WHM.

    this sounds a lot like the issue described here:

    Heh, yeah been to that one and a couple dozen others. I'm just not finding "The Apache setting XXX needs to be YYYY" :-D It's insane that I'm not finding any definitive results about this error.

    I did fiddle with IncludesNoExec on/off in WHM, restarted apache between, no change, what that does (I think?) is removes include exec capability, we're not doing that in this case, just include virtual.

    I've been looking more at that because . . .  where it occurs  in mod_include is this:

    ```

            if (!error_fmt && (ctx->flags & SSI_FLAG_NO_EXEC) &&
                rr->content_type && strncmp(rr->content_type, "text/", 5)) {

                error_fmt = "unable to include potential exec \"%s\" in parsed "
                            "file %s, content type not text/*";
            }

    ```
    What that tells me is, someone correct me if I'm misreading it, is:
    - if the bitwise shift of SS_FLAG_NOEXEC matches ctx->flags AND
    - if the string comparison of rr->content->type MATCHES "text/"

    Throw this error. Seems like the logic is backwards, looks to me like it's saying "if the content type matches '/text' throw this error."  I know the content type of the script is text/html. Tried text/plain. I even fiddled with a munged header (not text/html) and it still doesn't work. Maybe NoExec has a bigger hand in this, still looking.

     

    0
  • Bill S

    Andy Baugh

    Thank you again! I looked again at IncludesNoExec, enabling it causes the server to not process the include line at all (View source, include line is in source code as above.)

    What solved it: in the domain .htaccess,

    `
    Options +Includes

    `

    The cgi script now runs and outputs the CGI script. Which is really really weird - without this option, all the other SSI's that include plain text files or other HTML files execute fine without it. I'd never have thought to look there because "ordinary includes" were already working.

     

    1

Please sign in to leave a comment.