Moved Host, Strange SSI Error [Solved]
Greetings,
I have moved my sites to a new host on a VPS. I have a 5 user license for WHM/cPanel, there are 3 sites. All went fine with one simple exception. I've been coding for a quarter century and can't figure this one out.
Been searching for hours and not seeing a solve.
Details on the server below. This is for one of the 3 users on the account, details come from logging in as that user (cPanel, not WHM.) I do have access to WHM.
The problem: getting a content-type error from Apache2 when I know the output of this script includes content type headers.
```
[Thu Dec 21 10:59:34.717822 2023] [include:error] [pid 738483:tid 23353639089920] [client (ip address)] unable to include potential exec "/cgi-bin/articles_menu.cgi?c=name-of-the-page" in parsed file /home/(user)/public_html/name-of-the-page.shtml, content type not text/*, referer: https://www.(user).com/
```
There are some things I could try, but other than updating PHP to 8.1 (not used by this account) I'm reluctant to make any changes to the VPS instance. I'm sure it's an apache2 config but not as familiar with AlmaLinux8.
The process is SSI include, execute simple script, starts here:
```
<!--#include virtual="/cgi-bin/articles_menu.cgi?c=name-of-the-page" -->
```
The script is extremely simple and it works, and has for years, depending on what page you're on it opens and parses a plain text file and skips "name of the page" before outputting the menu like so:
```
if ($ENV{'QUERY_STRING'}) {
    print "content-type: text/html\n\n";
    print "$out";
}
```
As mentioned I've confirmed this works via cli and you can request the URL from a browser like
```
aitch-tee-tee-pea-ess//example.com/cgi-bin/articles_menu.cgi?c=name-of-the-page
```
When you request that URL, FF Inspector says the output headers are content-type text/html.
I have confirmed indeed $out is populated and working. Appropriate handlers are operational. Both SSI's and scripts are working fine. Reviewed the Apache docs and not seeing anything relevant.
Am I missing an Apache config that addresses "potential exec?" (I doubt that's the problem but . . . ) Does anyone have any ideas where I could look?
A few specs:
cPanel Version 116.0 (build 7)
Apache Version 2.4.58
Perl Version 5.26.3
User Defined Apache Handlers
application/x-httpd-ea-php74 .php .php7 .phtml (This site is pre-PHP, that's how old school it is)
server-parsed .html
server-parsed .shtml .html
System Apache Handlers
cgi-script .cgi .pl .plx .ppl .perl
server-parsed .shtml
-
While I can't say for sure, this sounds a lot like the issue described here:
https://stackoverflow.com/questions/42382801/unable-to-include-potential-exec
You say you don't have access to WHM, so it could be something the hosting provider needs to update in their apache config if they have `IncludesNoExec` as an option somewhere in their config which impacts the directory you are executing from?
1 -
Thank you Andy Baugh,
> You say you don't have access to WHM

Yes, I do, I do have access to WHM.

> this sounds a lot like the issue described here:

Heh, yeah been to that one and a couple dozen others. I'm just not finding "The Apache setting XXX needs to be YYYY" :-D It's insane that I'm not finding any definitive results about this error.
I did fiddle with IncludesNoExec on/off in WHM, restarted apache between, no change, what that does (I think?) is removes include exec capability, we're not doing that in this case, just include virtual.
I've been looking more at that because . . . where it occurs in mod_include is this:
```
if (!error_fmt && (ctx->flags & SSI_FLAG_NO_EXEC) &&
    rr->content_type && strncmp(rr->content_type, "text/", 5)) {

    error_fmt = "unable to include potential exec \"%s\" in parsed "
                "file %s, content type not text/*";
}
```
What that tells me is, someone correct me if I'm misreading it, is:
- if the bitwise shift of SS_FLAG_NOEXEC matches ctx->flags AND
- if the string comparison of rr->content->type MATCHES "text/"

Throw this error. Seems like the logic is backwards, looks to me like it's saying "if the content type matches '/text' throw this error." I know the content type of the script is text/html. Tried text/plain. I even fiddled with a munged header (not text/html) and it still doesn't work. Maybe NoExec has a bigger hand in this, still looking.
0 -
Andy Baugh
Thank you again! I looked again at IncludesNoExec, enabling it causes the server to not process the include line at all (View source, include line is in source code as above.)
What solved it: in the domain .htaccess,
```
Options +Includes
```
The cgi script now runs and outputs the CGI script. Which is really really weird - without this option, all the other SSI's that include plain text files or other HTML files execute fine without it. I'd never have thought to look there because "ordinary includes" were already working.
1
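The `mod_include` condition quoted in the thread, worked through as an added example that is not part of the original posts or Apache's own source. The flag value, the `ssi_option` enum, the helper names and the sample content types are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for mod_include's flag; the numeric value is constructed. */
#define SSI_FLAG_NO_EXEC 0x8

/* Hypothetical model of the two Options settings discussed in the thread. */
enum ssi_option { OPT_INCLUDES, OPT_INCLUDES_NOEXEC };

/* IncludesNOEXEC is what puts the no-exec flag on the SSI context. */
static unsigned ssi_flags_for(enum ssi_option opt)
{
    return opt == OPT_INCLUDES_NOEXEC ? SSI_FLAG_NO_EXEC : 0u;
}

/*
 * Same condition as the quoted check. strncmp() returns 0 when the first
 * five bytes ARE "text/", so the condition is true (include refused) only
 * when the type does NOT start with "text/". A NULL type is not refused.
 * content_type models rr->content_type, the subrequest's type at the
 * time of the check, not a header the script prints when it runs.
 */
static int include_refused(unsigned flags, const char *content_type)
{
    return (flags & SSI_FLAG_NO_EXEC) &&
           content_type && strncmp(content_type, "text/", 5) != 0;
}

int main(void)
{
    /* Constructed sample types; the CGI value is a placeholder. */
    const char *types[] = { "text/html", "text/plain",
                            "application/x-example-cgi", NULL };
    for (int o = OPT_INCLUDES; o <= OPT_INCLUDES_NOEXEC; o++) {
        for (size_t i = 0; i < sizeof types / sizeof types[0]; i++) {
            printf("%-18s type=%-26s -> %s\n",
                   o == OPT_INCLUDES ? "Includes" : "IncludesNOEXEC",
                   types[i] ? types[i] : "(none)",
                   include_refused(ssi_flags_for(o), types[i])
                       ? "refused" : "allowed");
        }
    }
    return 0;
}
```

`Options Includes` also permits the `#exec` elements that `IncludesNOEXEC` disables, so it is worth scoping the option to the directories that actually need CGI includes.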