?
Solved

Using DW with MySQL gets HTTP Error Code 500 Internal Server Error

Posted on 2008-10-24
5
Medium Priority
?
793 Views
Last Modified: 2013-12-13
Some background information:

We have many sites running on PHP MySQL. All of a sudden, we started to get error 500 yesterday morning when we tried to update some records, not all of them. Our support managed to resolve it by whitelisting the domain.

PHP access the MySQL database local host, so I don't see that being anything related.

Problem:
I still get error 500 in DW when I try to test a Binding.

I can connect to the database. Be able to see the tables and items to create a record set. When I am in the record set dialog, I click the "Test" button try to see the data, immediately, I get the following error:

HTTP Error Code 500 Internal Server Error

Same error also occur if I use the DW wizard to create a dynamic table. DW can't read the field name.

I am using DW 8.0.2 but my business partner tried it on CS3 with the same problem.

We did recently implement some security script for PHP.

Thanks for any help to resolve this problem.
0
Comment
Question by:two-chez
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 39

Expert Comment

by:Roger Baklund
ID: 22799514
Error 500 is a general server error, it says nothing about the cause of the error. Inspect the Apache error log, you should find a more informative error message there.
0
 

Author Comment

by:two-chez
ID: 22804934
Many thanks for the pointer. Here is the error message I find:

[Sat Oct 25 13:40:00 2008] [error] [client 68.231.212.97] ModSecurity: Access denied with code 500 (phase 2). Pattern match "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\\*| |\\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\\*| |\\,]|UNION SELECT.*\\'.*\\'.*,[0-9].*INTO.*FROM)" at REQUEST_BODY. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "345"] [id "300013"] [rev "1"] [msg "Generic SQL injection protection"] [severity "CRITICAL"] [hostname "72.52.244.213"] [uri "/_mmServerScripts/MMHTTPDB.php"] [unique_id "SQOEIEg02cUAAG7jcX4AAAAH"]

So what does this mean? We do want to select and very likely update the tables. So is there something we can do in the ModSecurity configuration? Or should we even have it?

Thanks.
0
 
LVL 39

Accepted Solution

by:
Roger Baklund earned 375 total points
ID: 22805429
What it means? It's here: [msg "Generic SQL injection protection"]

You can of course do select and update in your database, this is a protection agains someone trying to update your database over the internet. That is not something you want.

I don't know ModSecurity, but it's a web application firewall, it's job is to prevent threats to your application. In this case it seems to have found a possible SQL statement in a request to a page:

[uri "/_mmServerScripts/MMHTTPDB.php"]

This is a Dreamweaver file, a connection script related to php/mysql code.

"The connection scripts are used by Dreamweaver to perform remote database connectivity when developing pages within Dreamweaver. These script files have no effect on your web pages during run-time (for example, when a visitor views your PHP pages via a web browser)."

http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_16515

See also:

http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_16566
0
 

Author Comment

by:two-chez
ID: 22805470
Yes, that file seems to have triggered the error. That is a generic Dreamweaver file, I am trying to get it added to the exclude.conf on the ModSecurity configuration. My hosting company just tried to whitelist my IP and I ended up not able to access anything. I suspect there is something wrong with our ModSecurity installation. It is doing the opposite of what we want it to do.
0
 

Author Closing Comment

by:two-chez
ID: 31509758
We needed up exlcuding the generic /_mmServerScripts/MMHTTPDB.php in the ModSecurity's exclude.conf and that did the trick. Thanks for the pointers.
0

Featured Post

WordPress Tutorial 4: Recommended Plugins

Now that you have WordPress installed, understand the interface, and know how to install new parts, let’s take a look at our recommended plugins.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this. Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it i…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
The viewer will learn how to dynamically set the form action using jQuery.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question