PHP/Apache misconfigured, error 500 on file upload

[postcd]

Hello i have found that various content management systems hosted on cpanel server (where i have root permissions) fails to upload file (i mean standard php file upload form). Some uploads end with error 500, other says "http error" other does nothing after form submission. I tried to disable ModSecurity vendor (it does not rebuild httpd i assume) from within WHM & restart httpd, but no effect.

I have checked global php.ini (/usr/local/lib/php.ini), and know where to find httpd.conf (maybe:
/home/cpeasyapache/src/httpd-2.2/docs/conf/httpd.conf
/home/cpeasyapache/src/httpd-2.2/docs/conf/httpd.conf.in
/etc/httpd/conf/httpd.conf)
, but i do not know which variables to check. Or do you suggest to check in WHM some page please?

Apache/2.2.x
PHP 5.3.x
EA 3

 

[cPanelMichael]

Hello,

Can you let us know the output to /usr/local/apache/logs/error_log when the 500 error code appears in your browser?

Thank you.

 

[postcd]

Thank You for help, i forgot there is global apache error log file.

It shows this error:
ModSecurity: Input filter: Failed to delete temporary file: /root/tmp/20180309-171447-WqLBB5teQx0AABPQ8YkAAAAF-request_body-9JHRDQ [hostname "mydomain.com"] [uri "/uploadscript.php"] [unique_id "WqLBB5teQx0AABPQ8YkAAAAF"]

stat /root/tmp

stat /root/tmp
  File: `/root/tmp'
  Size: 4096            Blocks: 8          IO Block: 4096   directory
Device: 6ch/108d        Inode: 41836613    Links: 4
Access: (0755/drwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2018-03-09 21:06:48.776140062 +0000
Modify: 2018-03-09 20:53:06.008897503 +0000
Change: 2018-03-09 20:53:06.008897503 +0000

Do you have any idea why it can not delete file out of sudden? I remember file upload worked in the past, even ModSecurity was enabled..

I have malware detect software scannning /tmp /var/tmp /dev/shm in realtime and also following running every 5 minutes:
/usr/local/maldetect/maldet --mkpubpaths (do not know if it also scan /root/tmp)

eminasif.wordpress.com/2014/01/08/error-modsecurity-input-filter-failed-to-delete-temporary-file-usrlocalsrctmp20140108-092045-usz8tmxytvoaaxlxcnwaaaaa-request_body-f8j5vc-hostname-vaspasa-co-za-uri-testindex-ph/ There seems to be suggested solution:

Fix:-
vi
vi /etc/httpd/conf/modsec2.user.conf
SecUploadDir /tmp
SecTmpDir /tmp

cpanel staff added above 2 lines not into mentioned .conf file but into this one, at the end of it:
/usr/local/apache/conf/modsec2.user.conf
and uploads started working, not sure why this issue appeared if it is not a cpanel or mod security bug.

 

[cPanelMichael]

cpanel staff added above 2 lines not into mentioned .conf file but into this one, at the end of it:
/usr/local/apache/conf/modsec2.user.conf
and uploads started working, not sure why this issue appeared if it is not a cpanel or mod security bug.

Hello,

The "SecUploadDir" value isn't defined by default. Here's a quote from the ModSecurity documentation regarding this option:

File upload interception slows down ModSecurity and can potentially consume a lot of disk space, so you’ll want to enable this functionality only in the places where you really need it.

Thank you.