Error 403 and XAMPP Error 20024 - xampp

So I have looked in many places to try and find the answer to this but could really use some other ideas for how to possibly fix this. I have gone into the new XAMPP security concept and changed the Deny to Allow:
#
# New XAMPP security concept
#
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
Order deny,allow
Allow from all
Allow from ::1 127.0.0.0/8 \
fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
fe80::/10 169.254.0.0/16
ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>
Above is what my httpd-xampp.conf looks like at the bottom. I still am getting the 403 error on the website when I go to the localhost. So I then looked to the error log and found I am getting this error.
[Fri Oct 26 08:58:29.731458 2012] [core:error] [pid 5096:tid 1680] (20024)The given path is misformatted or contained invalid characters: [client ::1:59590] AH00127: Cannot map GET /system/%3C?echo($template. HTTP/1.1 to file
I have no idea what this means but I am running out of options. If anyone could help me or has an idea as to what might be giving me this error. I will try anything.
Thanks in advance

Alright so it turns out the problem is with XAMPP. Not sure why but when I tested this on another dev server everything worked just fine. I am guessing it has something to do with the new XAMPP Security Concept. My best answer to this would be to change the Deny to Allow in that section of your httpd-xampp.conf file. This solution worked for many people except me.

This is mostly due to Apache bug 41441. The Apache coders don't call it a bug and closed it as WONTFIX at the end of 2009. However, I am also experiencing this error on heidisql.com where I get tons of misformatted requests from spammers, harvesters and other broken clients. My error log is full of these, and I would be glad to have a way to handle such requests with a redirect or rewriterule.
Your URL does not contain a colon (:)
/system/%3C?echo($template.
... but %3C translates to "<", which is also used in Windows filesystem paths, which is why Apache is blocking that request for security reasons.
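To triage an error log that is full of these entries, the request target can be percent-decoded and checked for characters that Windows does not allow in file names. The following Python sketch is an added example, not code from the thread or from Apache; the first sample line is the entry quoted in the question, the other two are constructed, and using the Windows reserved-character set to explain the rejection is an assumption based on the answer above.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Characters Windows forbids in file names ('/' left out: it is the URL separator).
WINDOWS_RESERVED = set('<>:"|?*\\')

AH00127 = re.compile(
    r'\[client (?P<client>[^\]]+)\] AH00127: Cannot map '
    r'(?P<method>\S+) (?P<target>.*?) HTTP/\d\.\d to file')

SAMPLE_LOG = [
    # Entry quoted in the question above.
    '[Fri Oct 26 08:58:29.731458 2012] [core:error] [pid 5096:tid 1680] '
    '(20024)The given path is misformatted or contained invalid characters: '
    '[client ::1:59590] AH00127: Cannot map GET /system/%3C?echo($template. '
    'HTTP/1.1 to file',
    # Constructed entries for illustration.
    '[Fri Oct 26 09:01:02.100000 2012] [core:error] [pid 5096:tid 1684] '
    '(20024)The given path is misformatted or contained invalid characters: '
    '[client 192.0.2.10:40112] AH00127: Cannot map GET /img/a%7Cb.png HTTP/1.1 to file',
    '[Fri Oct 26 09:01:03.200000 2012] [core:error] [pid 5096:tid 1684] '
    '[client 192.0.2.10:40113] AH00128: File does not exist: C:/xampp/htdocs/favicon.ico',
]

def parse_line(line):
    """Decode one AH00127 entry; return None for any other log line."""
    m = AH00127.search(line)
    if not m:
        return None
    host = m['client'].rpartition(':')[0]          # strip the source port
    path = unquote(m['target'].split('?', 1)[0])   # path only, percent-decoded
    return {'client': host, 'path': path,
            'reserved': sorted(WINDOWS_RESERVED.intersection(path))}

def summarize(lines):
    """Return the decoded hits and a per-client count of rejected requests."""
    hits = [r for r in map(parse_line, lines) if r]
    return hits, Counter(r['client'] for r in hits)

if __name__ == '__main__':
    hits, per_client = summarize(SAMPLE_LOG)
    for h in hits:
        print(h['client'], h['path'], 'reserved:', ''.join(h['reserved']))
    print(dict(per_client))
```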

Related

Solve 500 response Laravel (Uncaught UnexpectedValueException: Laravel.log)

I have a problem with my (new/clean) Laravel (tried v5.2 and v5.5) application on CentOS 7. It shows a 500 error when I visit the URL of the application, with no error. I checked the Apache log file (/etc/httpd/logs/error-log.log), which contained the 2 errors below:
[Mon Dec 04 10:32:34.108956 2017] [:error] [pid 25889] [client 192.168.1.240:63437] PHP Fatal error: Uncaught UnexpectedValueException: The stream or file "/var/www/public/blog_project/storage/logs/laravel.log" could not be opened: failed to open stream: Permission denied in /var/www/public/blog_project/vendor/monolog/monolog/src/Monolog/Handler/StreamHandler.php:107\nStack trace:\n#0 /var/www/public/blog_project/vendor/monolog/monolog/src/Monolog/Handler/AbstractProcessingHandler.php(37): Monolog\Handler\StreamHandler->write(Array)\n#1 /var/www/public/blog_project/vendor/monolog/monolog/src/Monolog/Logger.php(337): Monolog\Handler\AbstractProcessingHandler->handle(Array)\n#2 /var/www/public/blog_project/vendor/monolog/monolog/src/Monolog/Logger.php(616): Monolog\Logger->addRecord(400, Object(UnexpectedValueException), Array)\n#3 /var/www/public/blog_project/vendor/laravel/framework/src/Illuminate/Log/Writer.php(202): Monolog\Logger->error(Object(UnexpectedValueException), Array)\n#4 /var/www/public/blog_project/vendor/laravel/framework/src/Illuminate/Log/Writer.php(113): Illuminate\Log\Writer->writeLog('error', Object(U in /var/www/public/blog_project/vendor/monolog/monolog/src/Monolog/Handler/StreamHandler.php on line 107
&
[Mon Dec 04 10:32:34.109334 2017] [:error] [pid 25889] [client 192.168.1.240:63437] PHP Fatal error: Uncaught UnexpectedValueException: The stream or file "/var/www/public/blog_project/storage/logs/laravel.log" could not be opened: failed to open stream: Permission denied in /var/www/public/blog_project/vendor/monolog/monolog/src/Monolog/Handler/StreamHandler.php:107\nStack trace:\n#0 /var/www/public/blog_project/vendor/monolog/monolog/src/Monolog/Handler/AbstractProcessingHandler.php(37): Monolog\Handler\StreamHandler->write(Array)\n#1 /var/www/public/blog_project/vendor/monolog/monolog/src/Monolog/Logger.php(337): Monolog\Handler\AbstractProcessingHandler->handle(Array)\n#2 /var/www/public/blog_project/vendor/monolog/monolog/src/Monolog/Logger.php(616): Monolog\Logger->addRecord(400, Object(Symfony\Component\Debug\Exception\FatalErrorException), Array)\n#3 /var/www/public/blog_project/vendor/laravel/framework/src/Illuminate/Log/Writer.php(202): Monolog\Logger->error(Object(Symfony\Component\Debug\Exception\FatalErrorException), Array)\n#4 /var/www/public/blog_project/vendor/laravel/framework/src/Illuminate/Log/Writer.p in /var/www/public/blog_project/vendor/monolog/monolog/src/Monolog/Handler/StreamHandler.php on line 107
To solve these problems I Googled a lot. The solutions I found were all related to permissions, so I tried to set chmod 777 on all directories and files (for test purposes, not recommended in a live environment!) in /var/www/public/blog_project, but this did not solve the problem.
I also found that the owner/group could be the problem (unlikely with chmod 777 but ok), so I changed the owner and group to "apache". Unfortunately this still did not solve my problem.
I also tried a "php artisan cache:clear" (suggested in some topic which described the same problem as I have).
At the moment of writing I had already found the solution (after many hours of Googling) for my problem, but I still want to post this question because I could not find another question which solved my problem. I hope to help other people who have the same problem this way.
The problem was that SELinux was enabled, which prevents Apache from writing files even with 777 mode. It seems that SELinux is active by default on CentOS 4 or higher. I also found that Fedora has SELinux activated, which results in the same problem (no own experience with Fedora).
I solved the problem by disabling SELinux. For CentOS 7 I did this by editing /etc/sysconfig/selinux
and changing the line SELINUX=enforcing into SELINUX=disabled. After that I rebooted the server and the problem was solved.
I solved the problem by disabling SELinux. For CentOS 7 I did this by editing /etc/sysconfig/selinux and changing the line SELINUX=enforcing into SELINUX=disabled. After that I rebooted the server and the problem was solved.
Thanks :)
Please don't disable your SELinux. There is a better way to do it.
See this, I posted a better way: Laravel: file_put_contents() failed to open stream: Permission denied for Session folder
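One way to keep SELinux enforcing is to confirm from the audit log that Apache was refused a write on read-only web content, then relabel only the directory it has to write to. The Python sketch below is an added example, not code from this thread or from the linked answer: the audit records are constructed, and `semanage fcontext`, `restorecon` and the `httpd_sys_rw_content_t` type are the standard SELinux tools and targeted-policy type, which the page itself does not mention. It only prints the commands; it does not run them.

```python
import re
import shlex

# Constructed audit.log records for illustration (not taken from the page).
SAMPLE_AUDIT = [
    'type=AVC msg=audit(1512379954.108:812): avc:  denied  { write } for  pid=25889 '
    'comm="httpd" name="laravel.log" dev="dm-0" ino=1835021 scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file',
    'type=AVC msg=audit(1512379960.002:815): avc:  denied  { read } for  pid=1201 '
    'comm="sshd" name="key" dev="dm-0" ino=77 scontext=system_u:system_r:sshd_t:s0 '
    'tcontext=system_u:object_r:default_t:s0 tclass=file',
]
AVC = re.compile(
    r'avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?comm="(?P<comm>[^"]+)"'
    r'.*?scontext=(?P<scontext>\S+) tcontext=(?P<tcontext>\S+) tclass=(?P<tclass>\S+)')
WRITE_PERMS = {'write', 'append', 'create', 'add_name', 'remove_name', 'unlink', 'setattr'}

def parse_avc(line):
    """Return permissions, process name and SELinux types of one AVC denial, or None."""
    m = AVC.search(line)
    if not m:
        return None
    return {'perms': set(m['perms'].split()), 'comm': m['comm'],
            'source_type': m['scontext'].split(':')[2],
            'target_type': m['tcontext'].split(':')[2], 'tclass': m['tclass']}

def is_httpd_write_denial(d):
    """True when Apache (httpd_t) was refused a write on read-only web content."""
    return (d is not None and d['source_type'] == 'httpd_t'
            and d['target_type'] == 'httpd_sys_content_t'
            and bool(d['perms'] & WRITE_PERMS))

def relabel_commands(writable_dir):
    """Commands that label one directory tree as web content Apache may write."""
    pattern = writable_dir.rstrip('/') + '(/.*)?'
    return ['semanage fcontext -a -t httpd_sys_rw_content_t ' + shlex.quote(pattern),
            'restorecon -Rv ' + shlex.quote(writable_dir)]

if __name__ == '__main__':
    if any(is_httpd_write_denial(parse_avc(l)) for l in SAMPLE_AUDIT):
        # storage/ holds logs/laravel.log, the file named in the question's error
        print('\n'.join(relabel_commands('/var/www/public/blog_project/storage')))
```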

Debian 6 - wget failed: Connection timed out from specific URL

I try to download from a specific url using the command wget on the server Debian 6 as follows:
# wget http://ftp.ruby-lang.org/pub/ruby/2.1/ruby-2.1.2.tar.gz
the result:
--2016-05-25 16:39:15-- http://ftp.ruby-lang.org/pub/ruby/2.1/ruby-2.1.2.tar.gz
Resolving ftp.ruby-lang.org... 221.186.184.75
Connecting to ftp.ruby-lang.org|221.186.184.75|:80... failed: Connection timed out.
however, if I access the url using the browser, it can be accessed with a normal ...
I know why I do not use alternative via the browser earlier.
I just want to understand the intent of the problem, which is a new thing for me ..
so, why did this happen? iptables influence or proxy or other things I really do not understand.
someone might help in solving this problem.
Thanks in advance...

(random?) 500 errors in Magento front and backend - version 1.4.1.1

I need your help once again :)
For some time now I get strange 500 errors in the front and backend of Magento. I use Magento 1.4.1.1.
The errors can appear everywhere, anytime. I get about 10-20 of them every day. The errorlog reads something like this:
[Wed Oct 17 16:02:19 2012] [warn] [client 93.219.97.29] (104)Connection reset by peer: mod_fcgid: error reading data from FastCGI server, referer: /index.php/admin/sales_order/view/order_id/1617/
[Wed Oct 17 16:02:19 2012] [warn] [client 93.219.97.29] (104)Connection reset by peer: mod_fcgid: ap_pass_brigade failed in handle_request_ipc function, referer: http://www.xxxx.com/index.php/admin/sales_order/view/order_id/1617/
I have attached a screenshot of the error.
http://i.imgur.com/i6dvO.jpg
Do you guys have any idea what I can do? Thank you very much :)
Greets
I was receiving similar errors on 1.7.0.2 community edition on a Ubuntu 10.04 LTS LAMP server. In my case (using Virtualmin) I had incorrectly set the virtual server to run php in FastCGI as the website owner. The apache user is different from the site owner, and magento multi-site install was setup to run as that apache user.
ALSO, I had uncommented Magento's profiler inside index.php: Varien_Profiler::enable();
and turned on the profiler via the Magento admin panel (System->Configuration->Developer).
Commenting out the profiler object AND reversing the change to php execution mode did the trick.
See attached for the proper virtualmin setting, found in Virtualmin->Server Configuration->Website Options

Puppet + Passenger + Apache/Nginx

I'm working on a very large puppet deployment, but seem to be hitting a brick wall. My ideal setup is to use Nginx + Passenger to serve puppet. The problem I am having is that Puppet throws errors when running through passenger. If I start puppetmasterd, everything works fine, but serving through Passenger gives the following errors:
Jun 22 07:33:04 $master_hostname puppet-master[15710]: Starting Puppet master version 2.6.8
Jun 22 07:33:04 $master_hostname puppet-master[15720]: No support for http method POST
Jun 22 07:33:04 $master_hostname puppet-master[15720]: Denying access: Forbidden request: $client_hostname($client_ip) access to /report/$client_hostname [save] authenticated at line 0
Jun 22 07:33:04 $master_hostname puppet-master[15720]: Forbidden request: $client_hostname($client_ip) access to /report/$client_hostname [save] authenticated at line 0
Everything seems to point to an auth.conf problem, but my auth.conf file is about as generic as it could get, and like I said, everything works when I serve puppet using Rack directly.
Has anybody ever run into this issue?
Sounds like this:
http://groups.google.com/group/puppet-users/browse_frm/thread/910994e88f21a497/cae809c17a9acd8a?#cae809c17a9acd8a
The concept being that you need to configure NGINX to pass information through to Puppet as it now provides the SSL layers.

Directory slash redirects? Does this still happen?

I was reading an article referenced by Jeff Atwood about Yahoo's "Best Practices" for speeding up a website, and I noticed this little gem:
One of the most wasteful redirects happens frequently and web developers are generally not aware of it. It occurs when a trailing slash (/) is missing from a URL that should otherwise have one. For example, going to http://astrology.yahoo.com/astrology results in a 301 response containing a redirect to http://astrology.yahoo.com/astrology/ (notice the added trailing slash). This is fixed in Apache by using Alias or mod_rewrite, or the DirectorySlash directive if you're using Apache handlers.
Does this still happen? The article is pretty old, as the web goes. I think I've been doing this for years. I don't think I've noticed this happening lately, but then again I've never really looked. Is this an Apache thing? Does IIS 7 do this?
I'm scared. Hold me.
Try it!
Here are some truncated requests run from the terminal.
curl -I http://astrology.yahoo.com/astrology
HTTP/1.0 301 Moved Permanently
Date: Tue, 21 Jun 2011 13:24:24 GMT
Location: http://shine.yahoo.com/astrology/
curl -I http://wordpress.org/extend
HTTP/1.0 301 Moved Permanently
Server: nginx
Date: Tue, 21 Jun 2011 13:26:17 GMT
Location: http://wordpress.org/extend/
Though it seems that IIS does it the other way:
curl -I http://www.iis.net/overview
HTTP/1.0 200 OK
Server: Microsoft-IIS/7.0
curl -I http://www.iis.net/overview/
HTTP/1.0 301 Moved Permanently
Location: http://www.iis.net/overview
Guess it depends how you have it configured, but it's definitely something to optimise.
