?
Solved

Using DW with MySQL gets HTTP Error Code 500 Internal Server Error

Posted on 2008-10-24
5
Medium Priority
?
807 Views
Last Modified: 2013-12-13
Some background information:

We have many sites running on PHP MySQL. All of a sudden, we started to get error 500 yesterday morning when we tried to update some records, not all of them. Our support managed to resolve it by whitelisting the domain.

PHP access the MySQL database local host, so I don't see that being anything related.

Problem:
I still get error 500 in DW when I try to test a Binding.

I can connect to the database. Be able to see the tables and items to create a record set. When I am in the record set dialog, I click the "Test" button try to see the data, immediately, I get the following error:

HTTP Error Code 500 Internal Server Error

Same error also occur if I use the DW wizard to create a dynamic table. DW can't read the field name.

I am using DW 8.0.2 but my business partner tried it on CS3 with the same problem.

We did recently implement some security script for PHP.

Thanks for any help to resolve this problem.
0
Comment
Question by:two-chez
  • 3
  • 2
5 Comments
 
LVL 39

Expert Comment

by:Roger Baklund
ID: 22799514
Error 500 is a general server error, it says nothing about the cause of the error. Inspect the Apache error log, you should find a more informative error message there.
0
 

Author Comment

by:two-chez
ID: 22804934
Many thanks for the pointer. Here is the error message I find:

[Sat Oct 25 13:40:00 2008] [error] [client 68.231.212.97] ModSecurity: Access denied with code 500 (phase 2). Pattern match "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\\*| |\\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\\*| |\\,]|UNION SELECT.*\\'.*\\'.*,[0-9].*INTO.*FROM)" at REQUEST_BODY. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "345"] [id "300013"] [rev "1"] [msg "Generic SQL injection protection"] [severity "CRITICAL"] [hostname "72.52.244.213"] [uri "/_mmServerScripts/MMHTTPDB.php"] [unique_id "SQOEIEg02cUAAG7jcX4AAAAH"]

So what does this mean? We do want to select and very likely update the tables. So is there something we can do in the ModSecurity configuration? Or should we even have it?

Thanks.
0
 
LVL 39

Accepted Solution

by:
Roger Baklund earned 375 total points
ID: 22805429
What it means? It's here: [msg "Generic SQL injection protection"]

You can of course do select and update in your database, this is a protection agains someone trying to update your database over the internet. That is not something you want.

I don't know ModSecurity, but it's a web application firewall, it's job is to prevent threats to your application. In this case it seems to have found a possible SQL statement in a request to a page:

[uri "/_mmServerScripts/MMHTTPDB.php"]

This is a Dreamweaver file, a connection script related to php/mysql code.

"The connection scripts are used by Dreamweaver to perform remote database connectivity when developing pages within Dreamweaver. These script files have no effect on your web pages during run-time (for example, when a visitor views your PHP pages via a web browser)."

http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_16515

See also:

http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_16566
0
 

Author Comment

by:two-chez
ID: 22805470
Yes, that file seems to have triggered the error. That is a generic Dreamweaver file, I am trying to get it added to the exclude.conf on the ModSecurity configuration. My hosting company just tried to whitelist my IP and I ended up not able to access anything. I suspect there is something wrong with our ModSecurity installation. It is doing the opposite of what we want it to do.
0
 

Author Closing Comment

by:two-chez
ID: 31509758
We needed up exlcuding the generic /_mmServerScripts/MMHTTPDB.php in the ModSecurity's exclude.conf and that did the trick. Thanks for the pointers.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
This article discusses how to implement server side field validation and display customized error messages to the client.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Suggested Courses

589 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question