Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Using DW with MySQL gets HTTP Error Code 500 Internal Server Error

Posted on 2008-10-24
5
787 Views
Last Modified: 2013-12-13
Some background information:

We have many sites running on PHP MySQL. All of a sudden, we started to get error 500 yesterday morning when we tried to update some records, not all of them. Our support managed to resolve it by whitelisting the domain.

PHP access the MySQL database local host, so I don't see that being anything related.

Problem:
I still get error 500 in DW when I try to test a Binding.

I can connect to the database. Be able to see the tables and items to create a record set. When I am in the record set dialog, I click the "Test" button try to see the data, immediately, I get the following error:

HTTP Error Code 500 Internal Server Error

Same error also occur if I use the DW wizard to create a dynamic table. DW can't read the field name.

I am using DW 8.0.2 but my business partner tried it on CS3 with the same problem.

We did recently implement some security script for PHP.

Thanks for any help to resolve this problem.
0
Comment
Question by:two-chez
  • 3
  • 2
5 Comments
 
LVL 39

Expert Comment

by:Roger Baklund
ID: 22799514
Error 500 is a general server error, it says nothing about the cause of the error. Inspect the Apache error log, you should find a more informative error message there.
0
 

Author Comment

by:two-chez
ID: 22804934
Many thanks for the pointer. Here is the error message I find:

[Sat Oct 25 13:40:00 2008] [error] [client 68.231.212.97] ModSecurity: Access denied with code 500 (phase 2). Pattern match "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\\*| |\\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\\*| |\\,]|UNION SELECT.*\\'.*\\'.*,[0-9].*INTO.*FROM)" at REQUEST_BODY. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "345"] [id "300013"] [rev "1"] [msg "Generic SQL injection protection"] [severity "CRITICAL"] [hostname "72.52.244.213"] [uri "/_mmServerScripts/MMHTTPDB.php"] [unique_id "SQOEIEg02cUAAG7jcX4AAAAH"]

So what does this mean? We do want to select and very likely update the tables. So is there something we can do in the ModSecurity configuration? Or should we even have it?

Thanks.
0
 
LVL 39

Accepted Solution

by:
Roger Baklund earned 125 total points
ID: 22805429
What it means? It's here: [msg "Generic SQL injection protection"]

You can of course do select and update in your database, this is a protection agains someone trying to update your database over the internet. That is not something you want.

I don't know ModSecurity, but it's a web application firewall, it's job is to prevent threats to your application. In this case it seems to have found a possible SQL statement in a request to a page:

[uri "/_mmServerScripts/MMHTTPDB.php"]

This is a Dreamweaver file, a connection script related to php/mysql code.

"The connection scripts are used by Dreamweaver to perform remote database connectivity when developing pages within Dreamweaver. These script files have no effect on your web pages during run-time (for example, when a visitor views your PHP pages via a web browser)."

http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_16515

See also:

http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_16566
0
 

Author Comment

by:two-chez
ID: 22805470
Yes, that file seems to have triggered the error. That is a generic Dreamweaver file, I am trying to get it added to the exclude.conf on the ModSecurity configuration. My hosting company just tried to whitelist my IP and I ended up not able to access anything. I suspect there is something wrong with our ModSecurity installation. It is doing the opposite of what we want it to do.
0
 

Author Closing Comment

by:two-chez
ID: 31509758
We needed up exlcuding the generic /_mmServerScripts/MMHTTPDB.php in the ModSecurity's exclude.conf and that did the trick. Thanks for the pointers.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Generating table dynamically is the most common issue faced by php developers.... So it seems there is a need of an article that explains the basic concept of generating tables dynamically. It just requires a basic knowledge of html and little maths…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question