Solved

Using DW with MySQL gets HTTP Error Code 500 Internal Server Error

Posted on 2008-10-24
5
784 Views
Last Modified: 2013-12-13
Some background information:

We have many sites running on PHP MySQL. All of a sudden, we started to get error 500 yesterday morning when we tried to update some records, not all of them. Our support managed to resolve it by whitelisting the domain.

PHP access the MySQL database local host, so I don't see that being anything related.

Problem:
I still get error 500 in DW when I try to test a Binding.

I can connect to the database. Be able to see the tables and items to create a record set. When I am in the record set dialog, I click the "Test" button try to see the data, immediately, I get the following error:

HTTP Error Code 500 Internal Server Error

Same error also occur if I use the DW wizard to create a dynamic table. DW can't read the field name.

I am using DW 8.0.2 but my business partner tried it on CS3 with the same problem.

We did recently implement some security script for PHP.

Thanks for any help to resolve this problem.
0
Comment
Question by:two-chez
  • 3
  • 2
5 Comments
 
LVL 39

Expert Comment

by:Roger Baklund
Comment Utility
Error 500 is a general server error, it says nothing about the cause of the error. Inspect the Apache error log, you should find a more informative error message there.
0
 

Author Comment

by:two-chez
Comment Utility
Many thanks for the pointer. Here is the error message I find:

[Sat Oct 25 13:40:00 2008] [error] [client 68.231.212.97] ModSecurity: Access denied with code 500 (phase 2). Pattern match "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\\*| |\\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\\*| |\\,]|UNION SELECT.*\\'.*\\'.*,[0-9].*INTO.*FROM)" at REQUEST_BODY. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "345"] [id "300013"] [rev "1"] [msg "Generic SQL injection protection"] [severity "CRITICAL"] [hostname "72.52.244.213"] [uri "/_mmServerScripts/MMHTTPDB.php"] [unique_id "SQOEIEg02cUAAG7jcX4AAAAH"]

So what does this mean? We do want to select and very likely update the tables. So is there something we can do in the ModSecurity configuration? Or should we even have it?

Thanks.
0
 
LVL 39

Accepted Solution

by:
Roger Baklund earned 125 total points
Comment Utility
What it means? It's here: [msg "Generic SQL injection protection"]

You can of course do select and update in your database, this is a protection agains someone trying to update your database over the internet. That is not something you want.

I don't know ModSecurity, but it's a web application firewall, it's job is to prevent threats to your application. In this case it seems to have found a possible SQL statement in a request to a page:

[uri "/_mmServerScripts/MMHTTPDB.php"]

This is a Dreamweaver file, a connection script related to php/mysql code.

"The connection scripts are used by Dreamweaver to perform remote database connectivity when developing pages within Dreamweaver. These script files have no effect on your web pages during run-time (for example, when a visitor views your PHP pages via a web browser)."

http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_16515

See also:

http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_16566
0
 

Author Comment

by:two-chez
Comment Utility
Yes, that file seems to have triggered the error. That is a generic Dreamweaver file, I am trying to get it added to the exclude.conf on the ModSecurity configuration. My hosting company just tried to whitelist my IP and I ended up not able to access anything. I suspect there is something wrong with our ModSecurity installation. It is doing the opposite of what we want it to do.
0
 

Author Closing Comment

by:two-chez
Comment Utility
We needed up exlcuding the generic /_mmServerScripts/MMHTTPDB.php in the ModSecurity's exclude.conf and that did the trick. Thanks for the pointers.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
These days socially coordinated efforts have turned into a critical requirement for enterprises.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now