Using the following code on a php5 machine running apache and mod_php causes an invalid index error as expected, but using it on php7 nginx with phpfpm does not.
<?php
$test = [];
echo $test['hello'];
Can anyone tell me why? And if there's a way to tell phpfpm php7 to actually honor the error condition?
The problem was that the person who created the docker container I was working with had set error_reporting=E_ERROR when it should have been error_reporting=E_ALL & ~E_DEPRICATED & ~E_STRICT. This prevent the invalid index error from being thrown.
Related
I am trying to implement the default setting provided by OWASP.
Link:https://www.modsecurity.org/CRS/Documentation/quickstart.html
When restarting apache I am getting eror
Syntax error on line 45 of
/etc/modsecurity/rules/REQUEST-910-IP-REPUTATION.conf: Internal Error:
Failed to add rule to the ruleset. Action 'configtest' failed. The
Apache error log may have more information. ...fail!
The code for the relevant section is
SecRule TX:DO_REPUT_BLOCK "#eq 1" \
"msg:'Request from Known Malicious Client (Based on previous traffic violations).',\
logdata:'Previous Block Reason: %{ip.reput_block_reason}',\
severity:'CRITICAL',\
id:910000,\
phase:request,\
block,\
t:none,\
tag:'application-multi',\
tag:'language-multi',\
tag:'platform-multi',\
tag:'attack-reputation-ip',\
tag:'IP_REPUTATION/MALICIOUS_CLIENT',\
setvar:'tx.msg=%{rule.msg}',\
skipAfter:BEGIN_REQUEST_BLOCKING_EVAL,\
chain"
SecRule IP:REPUT_BLOCK_FLAG "#eq 1" \
"setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\
setvar:tx.%{rule.id}-AUTOMATION/MALICIOUS-%{matched_var_name}=%{matched_var}"
whereas line 45 in the error refers to chain"
I don't have any idea about the syntax of these rules.
You are maybe affected by the Apache bug 55910
Handling of line wrapping is broken if "\" is the last character before buffer resizing.
[...]
This issue is also affecting ModSecurity.
Upgrade to Apache 2.4.11 to solve the issue.
I have a perl script in my cgi-bin. It first prints out the following statements
print "Status: 200 OK\nContent-Type: text/html\n\n";
It generates a html form on the terminal perfectly but when I try running it on the browser it gives the following error
Internal Server Error The server encountered an internal error or
misconfiguration and was unable to complete your request. Please
contact the server administrator at [no address given] to inform them
of the time this error occurred, and the actions you performed just
before this error.
I have enabled cgi-bin in the apache configuration, the error log prints the following error
End of script output before headers
What could be the problem and how should I resolve it
You must have the Content-Type be the first thing printed back to the screen. Also make sure the script is set as executable.
print "Status: 200 OK\nContent-Type: text/html\n\n";
Should be:
print "Content-Type: text/html\n\nStatus: 200 OK\n";
The script also needs to be executable by Apache for it to work
chmod a+x YourScript.pl
I've tested with the following script and once I fixed the permissions it works just fine. You also only need to set the status if it isn't 200 as that's the default.
#!/usr/bin/perl
use strict;
print "Status: 200\nContent-Type: text/html\n\n";
print "<p>Foo</p>";
I have the following CGI script:
#!c:\cygwin\bin\perl.exe
use CGI qw(:standard);
my $query = $CGI->new;
print header (
-type => "text/html",
-status => "404 File not found"
);
print "<b>File not found</b>";
This gives me an error:
Server error!
The server encountered an internal error and was unable to complete your request.
Error message:
End of script output before headers: test.cgi
If you think this is a server error, please contact the webmaster.
Error 500
127.0.0.1
Apache/2.4.10 (Win32) OpenSSL/1.0.1h PHP/5.4.31
I've looked at this (and other similar) question(s), but there the headers were not being printed, as opposed to mine.
I'm using the XAMPP Windows package with Cygwin Perl.
Can anyone help? Thanks.
I don't know why you are using $CGI instead of CGI
I think It should be
my $query = CGI->new;
tested on Linux working perfect.
So, as others have pointed out, your problem was using a variable ($CGI) where you actually needed a class name (CGI). But, in my mind, this raises two more questions.
1/ Why are you trying to create a CGI object in the first place? You are using the function-based interface to CGI (print header(...) for example) so there's no need for a CGI object.
2/ Why are you writing a CGI program in 2014? Perl web programming has moved on a long way this millennium and you seem to be stuck in the 1990s :-/
My problem is that I'm getting a 4200 error code from my pdo insert. On my computer when I was working with XAMPP it worked fine (no error) but as soon as I ported it onto the server I got this error. Could someone enlighten me or point me in the direction to get the answer. Thanks.
$add_nonce = $db->con->prepare("INSERT INTO nonces(nonce, issue_date, `used`) VALUES(:nonce, :issue_date, '0')");
$add_nonce->bindParam(':nonce', $nonce, PDO::PARAM_STR);
$issue_date = time();
$add_nonce->bindParam(':issue_date', $issue_date, PDO::PARAM_INT);
$add_nonce->execute();
Log_String("test", $add_nonce->errorCode());
$nonce_id = $db->con->lastInsertId();
return $nonce;
Instead of logging just error code, you have to tell PDO to throw exception, which contains also full error message.
$db->con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
Instead of home-brewed Log_String() function you have to tell PHP to log all errors by default, using log_errors and error_log ini directives.
Or, if on development server, just turn display_errors on.
And you will immediately know what's going wrong.
I have a PHP script that keeps stopping at the same place every time and my browser reports:
The connection to the server was reset
while the page was loading.
I have tested this on Firefox and IE, same thing happens. So, I am guessing this is an Apache/PHP config problem. Here are few things I have set.
PHP.ini
max_execution_time = 300000
max_input_time = 300000
memory_limit = 256M
Apache (httpd.conf)
Timeout 300000
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 0
Are the above correct? What can be causing this and what can I set?
I am running PHP (5.2.12.12) as a
module on Apache (2.2) on a Windows
Server 2003.
It is very likely this is an Apache or PHP issue as all browsers do the same thing. I think the script runs for exactly 10 mins (600 seconds).
I had a similar issue - turns out apache2 was segfaulting. Cause of the segfault was php5-xdebug for 5.3.2-1ubuntu4.14 on Ubuntu 10.04 LTS. Removing xdebug fixed the problem.
I also had this problem today, it turned out to be a stray break; statement in the PHP code (outside of any switch or any loop), in a function with a try...catch...finally block.
Looks like PHP crashes in this situation:
<?php
function a ()
{
break;
try
{
}
catch (Exception $e)
{
}
finally
{
}
}
This was with PHP version 5.5.5.
Differences between 2 PHP configs were indeed the root cause of the issue on my end. My app is based on the NuSOAP library.
On config 1 with PHP 5.2, it was running fine as PHP's SOAP extension was off.
On config 2 with PHP 5.3, it was giving "Connection Reset" errors as PHP's SOAP extension was on.
Switching the extension off allowed to get my app running on PHP 5.3 without having to rewrite everything.
I had an issue where in certain cases PHP 5.4 + eAccelerator = connection reset. There was no error output in any log files, and it only happened on certain URLs, which made it difficult to diagnose. Turns out it only happened for certain PHP code / certain PHP files, and was due to some incompatibilities with specific PHP code and eAccelerator. Easiest solution was to disable eAccelerator for that specific site, by adding the following to .htaccess file
php_flag eaccelerator.enable 0
php_flag eaccelerator.optimizer 0
(or equivalent lines in php.ini):
eaccelerator.enable="0"
eaccelerator.optimizer="0"
It's an old post, I know, but since I couldn't find the solution to my problem anywhere and I've fixed it, I'll share my experience.
The main cause of my problem was a file_exists() function call.
The file actually existed, but for some reason an extra forward slash on the file location ("//") that normally works on a regular browser, seems not to work in PHP. Maybe your problem is related to something similar. Hope this helps someone!
I'd try setting all of the error reporting options
-b on error batch abort
-V severitylevel
-m error_level
and sending all the output to the client
<?php
echo "<div>starting sql batch</div>\n<pre>"; flush();
passthru('sqlcmd -b -m -1 -V 11 -l 3 -E -S TYHSY-01 -d newtest201 -i "E:\PHP_N\M_Create_Log_SP.sql"');
echo '</pre>done.'; flush();
My PHP was segfaulting without any additional information as to the cause of it as well. It turned out to be two classes calling each other's magic __call() method because both of them didn't have the method being called. PHP just loops until it's out of memory. But it didn't report the usual "Allowed memory size of * bytes exhausted" message, probably because the methods are "magic".
I thought I would add my own experience as well.
I was getting the same error message, which in my case was caused by a PHP error in an exception.
The culprit was a custom exception class that did some logging internally, and a fatal error occurred in that logging mechanism. This caused the exception to not be triggered as expected, and no meaningful message to be displayed either.