Running binaries via the apache cgi-bin - apache

I am trying to run a binary via the common gateway interface (cgi-bin). But whenever I try to access http://localhost/cgi-bin/binary from my browser I get HTTP 500 Internal error, with the following log entry in /var/log
[Sat May 26 15:31:55 2012] [error] [client 127.0.0.1] malformed header from script. Bad header=HTTP_HOST=localhost: binary
L.E.: This doesn't seem to happen if the cgi-bin object is a php script or python.

Make sure at the beginning of your code you output at least:
Content-type: text/html\n\n

Try this.
```perl
#!/usr/pkg/bin/perl
print "Content-type: text/html\n\n";
print "<HTML>\n";
print "<BODY>\n";
print "<H1>Hello, world!</H1>\n";
print "</BODY>\n</HTML>";
```
Also, the first line, #!/usr/pkg/bin/perl, is very important, as it should match your default perl directory.
You can use $ whereis perl to find the directory.
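A pre-deployment check for the header rule described in the answers above, as an added example that is not part of the original posts: it reads a CGI program's raw output and reports the first line that is not a valid header. The function name check_cgi_headers and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# check_cgi_headers: read raw CGI output on stdin and report the first problem
# in its header block: each line must look like "Name: value", Content-type
# must be present, and an empty line must end the block before any body.
check_cgi_headers() {
    awk '
        { sub(/\r$/, "") }                       # tolerate CRLF line endings
        $0 == "" {                               # empty line ends the headers
            if (seen_ct) { print "ok"; ok = 1 } else print "missing Content-type header"
            fin = 1; exit
        }
        /^[A-Za-z][A-Za-z0-9_-]*:/ {             # plausible header line
            if (tolower($0) ~ /^content-type:/) seen_ct = 1
            next
        }
        { print "bad header: " $0; fin = 1; exit }
        END {
            if (!fin) print "no blank line after headers"
            exit (ok ? 0 : 1)
        }
    '
}

# Constructed sample outputs (not taken from the original post).
bad_output()  { printf 'HTTP_HOST=localhost\nContent-type: text/html\n\n<p>hi</p>\n'; }
good_output() { printf 'Content-type: text/html\n\n<p>hi</p>\n'; }

bad_output  | check_cgi_headers || true   # environment dump printed before the headers
good_output | check_cgi_headers           # headers first, then the body
# Real use: REQUEST_METHOD=GET HTTP_HOST=localhost ./binary | check_cgi_headers
```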

Related

Apache HTTPD 2.4 AH02429 error with phantom response header

I've an Apache HTTPD 2.4.37 which, since this morning, is responding with 500 and [Mon Jan 24 12:27:03.132322 2022] [http:error] [pid 3650579:tid 140496433313536] [client 10.42.0.47:53214] AH02429: Response header name '[Mon Jan 24 12' contains invalid characters, aborting request while trying to render a Perl application.
If I try to call the website with curl -v I cannot see such "header" in the response headers.
Moreover, if I copy the conf.modules.d folder from an Apache HTTPD 2.4.6 version it then works as expected.
After some backtracking, it seems that a request header I'm setting is breaking the request when it is empty.
I was following https://httpd.apache.org/docs/2.4/env.html#fixheader to propagate an "invalid" (for Apache HTTPD) header and the regex used there matches even if the value of the header is empty (i.e. the header is not part of the request at all).
In such a case, for some reason the request gets broken.

Internal Server Error from perl script solved by adding "-w" to the shebang line. But Why?

I spent hours and hours trying to fix an Internal Server Error on a perl program. I distilled the program down to the very simplest, and nothing would work. In fact, here's the entire program:
#!/usr/local/bin/perl
use strict;
print "Content-type: text/html\n\n";
print <<"thepage";
<html><head><title>Test</title></head><body>
<p>help</p>
</body></html>
thepage
Couldn't get it to work. Permissions correct. Same directory where I have literally a hundred other scripts running constantly. httpd.conf fine. It runs from the command line when SSHing into the server. Error message says:
[Mon May 18 09:59:29 2020] [error] [client 98.190.183.148] (13)Permission denied: exec of '/data/www/facialsurgery/root/cgi-bin/test_print_2.pl' failed
[Mon May 18 09:59:29 2020] [error] [client 98.190.183.148] Premature end of script headers: test_print_2.pl
But I fixed it! By adding "-w" to the shebang line, so the line says:
#!/usr/local/bin/perl -w
But I have, as I mentioned, many many programs running fine without the -w.
What can I do to trace this down more, so I don't eventually run into more trouble with more important programs?? Thanks so much for any insight in this.
The error:
(13)Permission denied: exec of '/data/www/facialsurgery/root/cgi-bin/test_print_2.pl' failed
This means that the web server (Apache) wasn't able to execute the script due to a permission error. (13 is error number for Permission denied.) This has nothing to do with presence or absence of -w.[1]
First, determine as which user the web server (Apache) runs. For the remainder of this post, I'm going to assume it's the default, www-data.
Then, make sure the following file is readable (grants the r permission) and executable (x) by the www-data user (or its group):
/data/www/facialsurgery/root/cgi-bin/test_print_2.pl
This includes making sure the following directories are accessible (x) by the www-data user (or its group):
/data/www/facialsurgery/root/cgi-bin
/data/www/facialsurgery/root
/data/www/facialsurgery
/data/www
/data
If there's no problem with the permissions of those, you could also be running afoul of volume-wide limitations (e.g. noexec attribute on the volume) or other security measures (e.g. SELinux restrictions).
[1] I think that ancient systems used to treat everything after the shebang (#!) as the command to execute. On such a system, the kernel would try to execute the non-existent file /usr/local/bin/perl -w. But that would result in errno 2 (No such file or directory), and I don't believe any modern system does this.
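The permission walk from the answer above, as an added example that is not part of the original post: it checks the script and every parent directory up to / and prints each component that would block execution. It is a simplification that looks only at the "other" permission bits, assuming the web server user is neither the owner nor in the group of any component, and it does not detect noexec mounts or SELinux denials; the name check_exec_chain is hypothetical.

```shell
#!/bin/sh
# check_exec_chain FILE: FILE must be an absolute path. Prints one line per
# component whose "other" bits are insufficient; returns 0 only if none are.
check_exec_chain() {
    path=$1 rc=0
    case $path in
        /*) ;;
        *) echo "absolute path required: $path"; return 2 ;;
    esac
    # Mode string from ls -ld: chars 8-10 are the "other" r, w, x bits.
    perms=$(ls -ld "$path" | cut -c1-10)
    case $perms in
        ???????r?[xt]) ;;                     # script: other has r and x
        *) echo "file needs r and x: $perms $path"; rc=1 ;;
    esac
    dir=$(dirname "$path")
    while :; do
        perms=$(ls -ld "$dir" | cut -c1-10)
        case $perms in
            ?????????[xt]) ;;                 # directory: other has x (search)
            *) echo "directory needs x: $perms $dir"; rc=1 ;;
        esac
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}

# Run against a path given on the command line, if any.
if [ $# -gt 0 ]; then check_exec_chain "$1" || true; fi
```

To test with the server's real identity instead of the mode bits, the same path can be probed with `test -x` under sudo -u as the web server user.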

Pmwiki can not acquire lock file

When I want to edit a page of my pmwiki, I get a screen containing this message:
PmWiki can't process your request
Cannot acquire lockfile
We are sorry for any inconvenience.
More information
Return to http://aim-bigfoot.uzh.ch/~morpho
The message in apache's error_log is
[Tue Aug 13 12:17:51.969802 2019] [php7:warn] [pid 28521] [client xxx.xxx.xxx.xxx:34994] PHP Warning: fopen(wiki.d/.flock): failed to open stream: Permission denied in /server2/home/morpho/public_html/wiki/pmwiki.php on line 579, referer: http://server1.loc.ch/~morpho/
If I delete .flock, and try again, the same error is reported.
This happens for all pages in this particular pmwiki.
The permissions for the wiki.d directory
drwxrwxrwx. 2 morpho morpho 4096 Aug 13 12:17 /server2/home/morpho/public_html/pmwiki/wiki.d/
The security context for this directory:
drwxrwxrwx. morpho morpho unconfined_u:object_r:httpd_sys_rw_content_t:s0 /server2/home/morpho/public_html/pmwiki/wiki.d/
If I disable SELinux with sudo setenforce 0, the page can be edited.
I have a second pmwiki system with the same permissions and security contexts, differing only in the user name, where editing is not a problem.
How can I make this pmwiki editable (with enforced SELinux)?
This question is not about the PmWiki engine, it is about PHP write permissions on your server. The problem is that PHP is unable to create files in /wiki.d and probably other directories.
To pinpoint the problem, you can create a simple PHP script like:
<?php
touch( __DIR__ . '/test.file' );
?>
When executed, it should create the file /test.file, but on your server this will not work, and this is the real problem to solve.
I suggest asking your hosting provider support for help to solve this problem.

Real Time Malware scanning using Maldetect : Rejected by the approver script

I have a cPanel server with apache 2.4 and Maldetect, ClamAV. I want to have a realtime malware scanner on the server to block hackers from uploading malicious files to the server. What I mean is that when someone uploads a file, apache will invoke the scanner using mod-security 2.9 and scan the uploaded file.
If it's found as malware - should get rejected.
If it's found good file - should upload to correct destination.
I have tried to do this with the following settings as described in https://www.rfxn.com/appdocs/README.maldetect
To enable upload scanning with mod_security2 you must enable the public_scan option
in conf.maldet (public_scan=1) then add the following rules to your mod_security2
configuration. These rules are best placed in your modsec2.user.conf file on cpanel servers
or at the top of the appropriate rules file for your setup.
/usr/local/apache/conf/modsec2.user.conf (or similar mod_security2 rules file):
SecRequestBodyAccess On
SecRule FILES_TMPNAMES "@inspectFile /usr/local/maldetect/hookscan.sh" \
"id:'999999',log,auditlog,deny,severity:2,phase:2,t:none"
If using ModSecurity >=2.9, you should set 'SecTmpSaveUploadedFiles On' before the
'SecRule FILES_TMPNAMES' line.
A restart of the Apache service is required following these changes.
But the problem is all the files are getting rejected by doing this, even good files. Is there anything wrong with the above setup?
# cat /usr/local/apache/conf/modsec2.user.conf
### UPLOAD PARAMETERS BEGIN ####
SecUploadDir /tmp
SecTmpDir /tmp/
SecDataDir /tmp/
SecUploadKeepFiles RelevantOnly
### UPLOAD PARAMETERS END ####
SecRequestBodyAccess On
SecTmpSaveUploadedFiles On
SecRule FILES_TMPNAMES "@inspectFile /usr/local/maldetect/hookscan.sh" \
"id:'999999',log,auditlog,deny,severity:2,phase:2,t:none"
Following is the error in logs
[Sun Mar 05 21:11:35.936553 2017] [:error] [pid 9800] [client x.x.x.x] ModSecurity: Access denied with code 406 (phase 2). File "/tmp/20170305-211135-WLxNz#kP#rKcABIc7ZF3lAAAAAM-file-SfujtQ" rejected by the approver script "/usr/local/maldetect/hookscan.sh": Linux Malware Detect v1.5 [file "/usr/local/apache/conf/modsec2.user.conf"] [line "13"] [id "999999"] [severity "CRITICAL"] [hostname "x.x.x.x"] [uri "/test.php"] [unique_id "WLxNz#kP#rKcABIc7ZF3lAAAAAM"]
[Sun Mar 05 21:11:44.511418 2017] [:error] [pid 9526] [client x.x.x.x] ModSecurity: Access denied with code 406 (phase 2). File "/tmp/20170305-211144-WLxN2EJsvK1FL3paCDmxrgAAAAE-file-iQx2zR" rejected by the approver script "/usr/local/maldetect/hookscan.sh": Linux Malware Detect v1.5 [file "/usr/local/apache/conf/modsec2.user.conf"] [line "13"] [id "999999"] [severity "CRITICAL"] [hostname "x.x.x.x"] [uri "/test.php"] [unique_id "WLxN2EJsvK1FL3paCDmxrgAAAAE"]
I had this issue too. Problem is this line:
SecTmpSaveUploadedFiles On
Try to remove it from the rule.
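How ModSecurity 2.x reads an @inspectFile approver's output, as an added example that is not part of the original posts and not maldet's own hookscan.sh: output whose first character is 1 approves the file, anything else rejects it, and the rejection log line ends with whatever the script printed. The names modsec_verdict and approve_upload and the SCANNER variable are hypothetical; SCANNER stands for any command that exits 0 for a clean file.

```shell
#!/bin/sh
# modsec_verdict OUTPUT: classify an approver script's stdout the way the
# @inspectFile operator does (first character "1" means approved).
modsec_verdict() {
    case $1 in
        1*) echo approved ;;
        *)  echo rejected ;;
    esac
}

# approve_upload FILE: approver wrapper that fails closed. It always prints a
# verdict line starting with 1 or 0, so banners or errors never decide.
approve_upload() {
    file=$1
    if [ ! -r "$file" ]; then
        echo "0 cannot read $file"            # unreadable temp file: reject
        return
    fi
    # SCANNER is an assumed command (default: false, i.e. reject everything).
    if out=$(${SCANNER:-false} "$file" 2>&1); then
        echo "1 OK"
    else
        echo "0 scanner flagged or failed: $(printf '%s' "$out" | head -n 1)"
    fi
}

# The text logged after the script name in the question is the script's
# output; it does not start with 1, so the upload is rejected.
modsec_verdict 'Linux Malware Detect v1.5'
modsec_verdict '1 OK'
```

Running the approver by hand as the web server user against a harmless file and looking at the first character of its output shows which of these branches a real upload is hitting.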

Apache 2 error log only shows the error message "0"

For a few days now, my Apache 2 error log has been showing a lot of messages like the following (IP addresses and URIs redacted):
[Thu Dec 12 13:46:42 2013] [error] [client 111.222.333.444] 0
[Thu Dec 12 13:52:27 2013] [error] [client 222.333.444.555] 0, referer: http://www.mydomain.com/
[Thu Dec 12 13:52:27 2013] [error] [client 222.333.444.555] 0, referer: http://www.mydomain.com/
[Thu Dec 12 13:53:54 2013] [error] [client 333.444.555.666] 0, referer: http://www.mydomain.com/subdirectory/
[Thu Dec 12 13:46:42 2013] [error] [client 444.555.666.777] 0
[Thu Dec 12 13:54:07 2013] [error] [client aaaa:1111:2222:ffff::] 0, referer: http://www.otherdomain.com/subdirectory/
What is this 0? There are no other messages shown (besides sometimes some other, normal messages, but very rarely).
The IP addresses are both IPv4 and IPv6. I checked the access log for the same date/time and IP addresses. Most of the time, there was an access at the exact same moment from this IP for different URIs on my webpage. But sometimes, there wasn't an access according to the access log.
It's a shared hosting environment, so I can't access the Apache settings (but I have ssh access to my home directory if this helps). I already googled and searched the Apache documentation, but didn't find anything (it's hard to search for "0"...)
/edit: I also asked the webhoster, they said they don't know what's causing it. I cross checked it with the Apache access log, these are requests to PHP scripts (mostly Joomla), but also requests to images as well as JS and CSS files. So I assume it's not a PHP script which is causing this.
If your error_log directive is unset, errors will be written to your Apache log file for the current VirtualHost.
So double check your PHP configuration (php.ini) or write a simple page with phpinfo()
If this is true, you should look inside your code (maybe even into index.php).
Pay attention to this: usually there are two separate php.ini files, for Apache /etc/php5/apache2/php.ini and for the CLI configuration /etc/php5/cli/php.ini.
Please also consider that, if you want to change your PHP configuration, you can use the ini_set function.
ini_set('error_log', '/var/log/php/error_new.log');
Remember: the destination directory must exist and your web server (or php engine) must have permission to write into it.
error_log format is not customizable, I suspect that it can be set to some higher level: debug or trace, where it can produce additional information.
Also please take into account, that error_log contains debug info from CGI/PHP/Perl scripts, so that 'zero' can be produced by some script that executed through apache as its module.