Hi,

While testing a Rails application on DreamHost (mod_rails), I found a really weird problem. If I submit form data which includes "fwrite();" (with semicolon but without quotes), I get a 503 error (Server temporarily unavailable). I checked out the Rails log file and it didn't even reach the Rails app. I assume the error was from the web server.

You may test this at http://test.codepremise.com/posts . Just add or edit a row and write "fwrite();" in the body field and submit.

Any idea?

Sam
Sam Kong
2008-Jun-13 00:42 UTC
Re: String "fwrite();" causes 503 error (Passenger or apache
I just got a reply from Dreamhost tech support. It's related to mod_security rules.

-----------
It appears that the fwrite in test.codepremise.com/posts triggered one of our mod_security rules as the following is listed in your error log:

[Thu Jun 12 17:16:48 2008] [error] [client 75.31.73.251] mod_security: Access denied with code 503. Pattern match "(chr|fwrite|fopen|system|echr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)\\\\(.*\\\\)\\\\;" at POST_PAYLOAD [severity "EMERGENCY"] [hostname "test.codepremise.com"] [uri "/posts/1"] [unique_id "MZo6DEPNFE8AAFRPBTUAAAAD"]

As a workaround, you can turn off mod_security for that sub-domain. Just go to https://panel.dreamhost.com/index.cgi?tree=domain.manage& , click on the Edit button under "Web Hosting" for test.codepremise.com and uncheck the box for "Extra Web Security?".
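
Added example, not part of the thread and not DreamHost's or mod_security's own code: a Ruby script that parses the "Access denied" log line quoted above and replays its pattern against form bodies, to see which input the rule rejects before deciding whether to disable it for the whole sub-domain. The helper names (parse_denial, replay), the sample bodies, and the collapsing of each backslash run to a single backslash are assumptions of this example.

```ruby
# Added example: triage a mod_security 1.x "Access denied" log line by
# extracting the rule and replaying it against sample form bodies.

# Function names from the pattern in the thread (e-mail wrap spaces removed).
NAMES = %w[chr fwrite fopen system echr passthru popen proc_open shell_exec exec
           proc_nice proc_terminate proc_get_status proc_close pfsockopen leak
           apache_child_terminate posix_kill posix_mkfifo posix_setpgid
           posix_setsid posix_setuid phpinfo].join('|')
BS = '\\' * 4 # the archived log shows each backslash as a run of four

LOG_LINE = '[Thu Jun 12 17:16:48 2008] [error] [client 75.31.73.251] ' \
           'mod_security: Access denied with code 503. Pattern match ' \
           "\"(#{NAMES})#{BS}(.*#{BS})#{BS};\" at POST_PAYLOAD " \
           '[severity "EMERGENCY"] [hostname "test.codepremise.com"] ' \
           '[uri "/posts/1"] [unique_id "MZo6DEPNFE8AAFRPBTUAAAAD"]'

DENIED = /mod_security: Access denied with code (?<code>\d+)\. Pattern match "(?<pattern>.*)" at (?<location>\S+)(?<tags>.*)/

# Returns nil for lines that are not a pattern-match denial.
def parse_denial(line)
  m = DENIED.match(line)
  return nil unless m

  # Assumption: a run of backslashes is log/archive escaping of a single one.
  source = m[:pattern].gsub(/\\+/) { '\\' }
  { code: m[:code].to_i, location: m[:location], regex: Regexp.new(source),
    tags: m[:tags].scan(/\[(\w+) "([^"]*)"\]/).to_h }
end

# Returns { body => true/false }: would the logged rule block this body?
def replay(denial, bodies)
  bodies.to_h { |b| [b, denial[:regex].match?(b)] }
end

# Constructed, already URL-decoded form bodies (not taken from the thread's logs).
SAMPLES = [
  'fwrite();',
  'fwrite()',
  'In Ruby I call system(cmd); to shell out',
  'I wrote about fwrite today'
].freeze

denial = parse_denial(LOG_LINE)
puts "code=#{denial[:code]} at=#{denial[:location]} uri=#{denial[:tags]['uri']}"
replay(denial, SAMPLES).each { |body, hit| puts format('%-8s %s', hit ? 'BLOCKED' : 'allowed', body) }
```

The rule fires only when a listed name is followed directly by a parenthesised argument list and a semicolon, which is why "fwrite();" is rejected while "fwrite()" passes, and why ordinary posts that quote code in any language can be blocked.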