Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PHP/Apache misconfigured, error 500 on file upload

Discussion in 'EasyApache' started by postcd, Mar 9, 2018.

  1. postcd

    postcd Well-Known Member

    Joined:
    Oct 22, 2010
    Messages:
    689
    Likes Received:
    14
    Trophy Points:
    68
    Hello i have found that various content management systems hosted on cpanel server (where i have root permissions) fails to upload file (i mean standard php file upload form). Some uploads end with error 500, other says "http error" other does nothing after form submission. I tried to disable ModSecurity vendor (it does not rebuild httpd i assume) from within WHM & restart httpd, but no effect.

    I have checked global php.ini (/usr/local/lib/php.ini), and know where to find httpd.conf (maybe:
    /home/cpeasyapache/src/httpd-2.2/docs/conf/httpd.conf
    /home/cpeasyapache/src/httpd-2.2/docs/conf/httpd.conf.in
    /etc/httpd/conf/httpd.conf)
    , but i do not know which variables to check. Or do you suggest to check in WHM some page please?

    Apache/2.2.x
    PHP 5.3.x
    EA 3
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,215
    Likes Received:
    1,759
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Can you let us know the output to /usr/local/apache/logs/error_log when the 500 error code appears in your browser?

    Thank you.
     
  3. postcd

    postcd Well-Known Member

    Joined:
    Oct 22, 2010
    Messages:
    689
    Likes Received:
    14
    Trophy Points:
    68
    Thank You for help, i forgot there is global apache error log file.

    It shows this error:
    ModSecurity: Input filter: Failed to delete temporary file: /root/tmp/20180309-171447-WqLBB5teQx0AABPQ8YkAAAAF-request_body-9JHRDQ [hostname "mydomain.com"] [uri "/uploadscript.php"] [unique_id "WqLBB5teQx0AABPQ8YkAAAAF"]

    stat /root/tmp
    Code:
    stat /root/tmp
      File: `/root/tmp'
      Size: 4096            Blocks: 8          IO Block: 4096   directory
    Device: 6ch/108d        Inode: 41836613    Links: 4
    Access: (0755/drwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
    Access: 2018-03-09 21:06:48.776140062 +0000
    Modify: 2018-03-09 20:53:06.008897503 +0000
    Change: 2018-03-09 20:53:06.008897503 +0000
    Do you have any idea why it can not delete file out of sudden? I remember file upload worked in the past, even ModSecurity was enabled..

    I have malware detect software scannning /tmp /var/tmp /dev/shm in realtime and also following running every 5 minutes:
    /usr/local/maldetect/maldet --mkpubpaths (do not know if it also scan /root/tmp)

    eminasif.wordpress.com/2014/01/08/error-modsecurity-input-filter-failed-to-delete-temporary-file-usrlocalsrctmp20140108-092045-usz8tmxytvoaaxlxcnwaaaaa-request_body-f8j5vc-hostname-vaspasa-co-za-uri-testindex-ph/ There seems to be suggested solution:

    cpanel staff added above 2 lines not into mentioned .conf file but into this one, at the end of it:
    /usr/local/apache/conf/modsec2.user.conf
    and uploads started working, not sure why this issue appeared if it is not a cpanel or mod security bug.
     
    #3 postcd, Mar 9, 2018
    Last edited by a moderator: Mar 10, 2018
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,215
    Likes Received:
    1,759
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    The "SecUploadDir" value isn't defined by default. Here's a quote from the ModSecurity documentation regarding this option:

    Thank you.
     
Loading...

Share This Page