[Mailman-Users] mail from GioMBG > fresh installation of mailman but Internal Server Error (only on edit some users) remain!
Jeffrey Goldberg
jeffrey at goldmark.org
Tue Jun 26 20:03:13 CEST 2007
[mailed and posted]
On Jun 26, 2007, at 10:10 AM, Gio MBG Canepa root wrote:
> Hi Mark!
> ---| Here the apache error Log: |---
> [Tue Jun 26 17:03:00 2007] [error] [client 127.0.0.1] ModSecurity:
> Access
> denied with code 500 (phase 1). Pattern match "\\\\.(?:c(?:o(?:nf
> (?:ig)?|m)|
> s(?:proj|r)?|dx|er|fg|md)|p(?:rinter|ass|db|ol|wd)|v(?:b(?:proj|s)?|
> sdisco)|
> a(?:s(?:ax?|cx)|xd)|s(?:html?|ql|tm|ys)|d(?:bf?|at|ll|os)|i(?:d
> [acq]|n[ci])|
> ba(?:[kt]|ckup)|res(?:ources|x)|l(?:icx|nk|og)|\\\\w{,5}~|webinfo|ht
> [rw]|
> xs ..." at REQUEST_BASENAME. [id "960035"] [msg "URL file extension is
> restricted by policy"] [severity "CRITICAL"] [hostname "home.
> 9records.com"]
> [uri "/mailman/options/mailman/alexkenji--at--alexkenji.com"]
That answers the question. Your apache add-on of mod_security is not
allowing access to any URI ending with ".com".
You may wish to disable mod_security for the mailman directory. I
don't know how to do that, having never used mod_security (which
isn't part of the normal apache distribution).
Looking at the documentation at
http://www.modsecurity.org/documentation/modsecurity-apache/2.1.0/
html-multipage/03-configuration-directives.html
it looks like setting
SecRuleEngine off
within the appropriate <Location> or <VirtualHost> of your apache
configuration should solve the problem.
But keep in mind that this is the first time I've ever looked at
mod_security, so don't put a great deal of trust in my suggestion.
-j
--
Jeffrey Goldberg http://www.goldmark.org/jeff/
More information about the Mailman-Users
mailing list