JcDenis/zoneclearFeedServer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Erreur 500 après activation #2

New issue
Closed
opened 2023-05-22 12:29:07 +00:00 by Feuilledethe · 3 comments
Feuilledethe commented 2023-05-22 12:29:07 +00:00 (Migrated from github.com)
Copy link

Bonjour
A chaque tentative d'activation du plugin, j'ai pages blanches et erreurs http 500 côté administration et public. Obligation de désactiver le plugin pour retrouver un fonctionnement normal. Pas d'erreur PHP visible (aucune info côté ErrorLogger).

Version plugin 2023.05.13
Dotclear 2.26 multiblog
PHP 8.1
OVHcloud mutualisé

Console d'erreur côté OVH :

Details

Mon May 22 01:24:39 2023] [error] [client 185.220.101.50] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache2/conf/modsecurity/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "65"] [id "960009"] [rev "2.1.1"] [msg "Request Missing a User Agent Header"] [severity "NOTICE"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER_UA"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "feuilledethe.fr"] [uri "/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt"] [unique_id "ZGqoN7aVjM3FJZGQHZ3z6wAAAG4"]
[Mon May 22 02:53:40 2023] [error] [client 54.36.149.47] [host feuilledethe.fr] AH01630: client denied by server configuration: /homez.647/feuilledq/.ovhconfig
[Mon May 22 02:46:41 2023] [error] [client 54.36.148.1] [host feuilledethe.fr] AH01630: client denied by server configuration: /homez.647/feuilledq/.ovhconfig
[Mon May 22 03:53:43 2023] [error] [client 114.119.156.56] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\b(\d+) ?(?:=|<>|<=>|<|>|!=) ?\1\b|[\'"\\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98](\\d+)[\\'"\\\\xc2\xb4\\xe2\x80\x99\\xe2\x80\x98] ?(?:=|<>|<=>|<|>|!=) ?\'"\\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98]\\2\\b|[\\'"\\\\xc2\xb4\\xe2\x80\x98[\'"\\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98] ?(?:=|<>|<=>|<|>|!=) ?[\\'"\\\\xc2\xb4\\xe2\x80\x99\\xe2\x80\x98]\3\b|([\'"\;\\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98]*)?\\s+(and|or)\\s+([\\s\\'"\\ ..." at REQUEST_FILENAME. [file "/usr/local/apache2/conf/modsecurity/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "425"] [id "950901"] [rev "2.1.1"] [msg "SQL Injection Attack"] [data " and unordered lists"] [severity "CRITICAL"] [hostname "feuilledethe.fr"] [uri "/all-blogs/plugins/formatting-markdown/lib/test/resources/markdown.mdtest/Ordered and unordered lists.text"] [unique_id "ZGrLJ1s5pn2lEUFb9O28PAAAAAQ"]
[Mon May 22 05:06:14 2023] [error] [client 114.119.151.128] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\b(\d+) ?(?:=|<>|<=>|<|>|!=) ?\1\b|[\'"\\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98](\\d+)[\\'"\\\\xc2\xb4\\xe2\x80\x99\\xe2\x80\x98] ?(?:=|<>|<=>|<|>|!=) ?\'"\\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98]\\2\\b|[\\'"\\\\xc2\xb4\\xe2\x80\x98[\'"\\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98] ?(?:=|<>|<=>|<|>|!=) ?[\\'"\\\\xc2\xb4\\xe2\x80\x99\\xe2\x80\x98]\3\b|([\'"\;\\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98]*)?\\s+(and|or)\\s+([\\s\\'"\\ ..." at REQUEST_FILENAME. [file "/usr/local/apache2/conf/modsecurity/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "425"] [id "950901"] [rev "2.1.1"] [msg "SQL Injection Attack"] [data " and ULs"] [severity "CRITICAL"] [hostname "feuilledethe.fr"] [uri "/all-blogs/plugins/formatting-markdown/lib/test/resources/php-markdown.mdtest/Mixed OLs and ULs.xhtml"] [unique_id "ZGrcJpUYlJcJgzyeJTObNQAAAEA"]
[Mon May 22 05:26:49 2023] [error] [client 2a01:e0a:210:ffa0:c096:cbe4:a059:5ede] [host feuilledethe.fr] AH01630: client denied by server configuration: /homez.647/feuilledq/.ovhconfig
[Mon May 22 10:41:19 2023] [error] [client 195.191.219.131] [host feuilledethe.fr] AH01630: client denied by server configuration: /homez.647/feuilledq/.ovhconfig
[Mon May 22 12:46:38 2023] [error] [client 54.37.63.15] [host feuilledethe.fr] AH01630: client denied by server configuration: /homez.647/feuilledq/.ovhconfig
[Mon May 22 13:50:15 2023] [error] [client 16.16.255.131] [host feuilledethe.fr] AH01630: client denied by server configuration: /homez.647/feuilledq/.ovhconfig
[Mon May 22 13:53:34 2023] [error] [client 16.16.255.131] [host feuilledethe.fr] AH01630: client denied by server configuration: /homez.647/feuilledq/.ovhconfig

Thèmes "Ductile" et plugin "Markdown" supprimés sans changement de comportement lors de l'activation du plugin FeedServer.

Bonjour A chaque tentative d'activation du plugin, j'ai pages blanches et erreurs http 500 côté administration et public. Obligation de désactiver le plugin pour retrouver un fonctionnement normal. Pas d'erreur PHP visible (aucune info côté ErrorLogger). Version plugin 2023.05.13 Dotclear 2.26 multiblog PHP 8.1 OVHcloud mutualisé Console d'erreur côté OVH : <details><summary>Details</summary> <p> Mon May 22 01:24:39 2023] [error] [client 185.220.101.50] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache2/conf/modsecurity/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "65"] [id "960009"] [rev "2.1.1"] [msg "Request Missing a User Agent Header"] [severity "NOTICE"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER_UA"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "feuilledethe.fr"] [uri "/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt"] [unique_id "ZGqoN7aVjM3FJZGQHZ3z6wAAAG4"] [Mon May 22 02:53:40 2023] [error] [client 54.36.149.47] [host feuilledethe.fr] AH01630: client denied by server configuration: /homez.647/feuilledq/.ovhconfig [Mon May 22 02:46:41 2023] [error] [client 54.36.148.1] [host feuilledethe.fr] AH01630: client denied by server configuration: /homez.647/feuilledq/.ovhconfig [Mon May 22 03:53:43 2023] [error] [client 114.119.156.56] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\b(\\d+) ?(?:=|<>|<=>|<|>|!=) ?\\1\\b|[\\'"\\`\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98](\\d+)[\\'"\\`\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98] ?(?:=|<>|<=>|<|>|!=) ?[\\'"\\`\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98]\\2\\b|[\\'"\\`\\\xc2\xb4\\\xe2\x80\x98](\\w+)[\\'"\\`\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98] ?(?:=|<>|<=>|<|>|!=) ?[\\'"\\`\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98]\\3\\b|([\\'"\\;\\`\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98]*)?\\s+(and|or)\\s+([\\s\\'"\\` ..." at REQUEST_FILENAME. [file "/usr/local/apache2/conf/modsecurity/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "425"] [id "950901"] [rev "2.1.1"] [msg "SQL Injection Attack"] [data " and unordered lists"] [severity "CRITICAL"] [hostname "feuilledethe.fr"] [uri "/all-blogs/plugins/formatting-markdown/lib/test/resources/markdown.mdtest/Ordered and unordered lists.text"] [unique_id "ZGrLJ1s5pn2lEUFb9O28PAAAAAQ"] [Mon May 22 05:06:14 2023] [error] [client 114.119.151.128] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\b(\\d+) ?(?:=|<>|<=>|<|>|!=) ?\\1\\b|[\\'"\\`\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98](\\d+)[\\'"\\`\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98] ?(?:=|<>|<=>|<|>|!=) ?[\\'"\\`\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98]\\2\\b|[\\'"\\`\\\xc2\xb4\\\xe2\x80\x98](\\w+)[\\'"\\`\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98] ?(?:=|<>|<=>|<|>|!=) ?[\\'"\\`\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98]\\3\\b|([\\'"\\;\\`\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98]*)?\\s+(and|or)\\s+([\\s\\'"\\` ..." at REQUEST_FILENAME. [file "/usr/local/apache2/conf/modsecurity/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "425"] [id "950901"] [rev "2.1.1"] [msg "SQL Injection Attack"] [data " and ULs"] [severity "CRITICAL"] [hostname "feuilledethe.fr"] [uri "/all-blogs/plugins/formatting-markdown/lib/test/resources/php-markdown.mdtest/Mixed OLs and ULs.xhtml"] [unique_id "ZGrcJpUYlJcJgzyeJTObNQAAAEA"] [Mon May 22 05:26:49 2023] [error] [client 2a01:e0a:210:ffa0:c096:cbe4:a059:5ede] [host feuilledethe.fr] AH01630: client denied by server configuration: /homez.647/feuilledq/.ovhconfig [Mon May 22 10:41:19 2023] [error] [client 195.191.219.131] [host feuilledethe.fr] AH01630: client denied by server configuration: /homez.647/feuilledq/.ovhconfig [Mon May 22 12:46:38 2023] [error] [client 54.37.63.15] [host feuilledethe.fr] AH01630: client denied by server configuration: /homez.647/feuilledq/.ovhconfig [Mon May 22 13:50:15 2023] [error] [client 16.16.255.131] [host feuilledethe.fr] AH01630: client denied by server configuration: /homez.647/feuilledq/.ovhconfig [Mon May 22 13:53:34 2023] [error] [client 16.16.255.131] [host feuilledethe.fr] AH01630: client denied by server configuration: /homez.647/feuilledq/.ovhconfig </p> </details> Thèmes "Ductile" et plugin "Markdown" supprimés sans changement de comportement lors de l'activation du plugin FeedServer.
JcDenis commented 2023-05-22 18:41:35 +00:00 (Migrated from github.com)
Copy link

Alors l'erreur première que tu détailles parle d'URL vers "wp-xxx" ce qui n'a rien à voir avec le plugin zoneclearFeedServer, et pas bien plus avancé par la suite de ce détail !

Je vais refaire un tour du code pour voir si je trouve qqch qui cloche.

Alors l'erreur première que tu détailles parle d'URL vers "wp-xxx" ce qui n'a rien à voir avec le plugin zoneclearFeedServer, et pas bien plus avancé par la suite de ce détail ! Je vais refaire un tour du code pour voir si je trouve qqch qui cloche.
Feuilledethe commented 2023-05-23 10:32:16 +00:00 (Migrated from github.com)
Copy link

Je suis d'accord que les logs fournis ne sont pas des plus utiles, mais, c'est tout ce que j'ai sous la main actuellement.
Si besoin, j'ai un dotclear de tests que je peux mettre à disposition (même hébergeur, bdd, php, mais version 2.26.0-p20230521.1137)

Je suis d'accord que les logs fournis ne sont pas des plus utiles, mais, c'est tout ce que j'ai sous la main actuellement. Si besoin, j'ai un dotclear de tests que je peux mettre à disposition (même hébergeur, bdd, php, mais version 2.26.0-p20230521.1137)
Feuilledethe commented 2023-05-24 09:35:50 +00:00 (Migrated from github.com)
Copy link

Plugin activé sur le blog, erreur http 500 sur les pages d'administration, page d'accueil publique encore accessible, mais erreur http 500 sur les billets :
https://feuilledethe.fr/Carnet/index.php/

Dotclear 2.26.0-p20230523.1105
Infos système
Version de PHP : 8.1.16
Gestionnaire de base de données : mysqli version 5.7.42 avec la syntaxe mysql
Niveau de rapport d'erreur PHP : 32759 = E_USER_DEPRECATED, E_DEPRECATED, E_RECOVERABLE_ERROR, E_STRICT, E_USER_NOTICE, E_USER_WARNING, E_USER_ERROR, E_COMPILE_WARNING, E_COMPILE_ERROR, E_CORE_WARNING, E_CORE_ERROR, E_PARSE, E_WARNING, E_ERROR
Cache PHP : Aucun
Dossier temporaire :/tmp
Plugin activé sur le blog, erreur http 500 sur les pages d'administration, page d'accueil publique encore accessible, mais erreur http 500 sur les billets : https://feuilledethe.fr/Carnet/index.php/ ``` Dotclear 2.26.0-p20230523.1105 Infos système Version de PHP : 8.1.16 Gestionnaire de base de données : mysqli version 5.7.42 avec la syntaxe mysql Niveau de rapport d'erreur PHP : 32759 = E_USER_DEPRECATED, E_DEPRECATED, E_RECOVERABLE_ERROR, E_STRICT, E_USER_NOTICE, E_USER_WARNING, E_USER_ERROR, E_COMPILE_WARNING, E_COMPILE_ERROR, E_CORE_WARNING, E_CORE_ERROR, E_PARSE, E_WARNING, E_ERROR Cache PHP : Aucun Dossier temporaire :/tmp ```
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
v2023.11.04
v2023.10.18
v2023.08.20
v2023.08.16
Labels
Clear labels   
bug

Something isn't working

  
documentation

Improvements or additions to documentation

  
duplicate

This issue or pull request already exists

  
enhancement

New feature or request

  
good first issue

Good for newcomers

  
help wanted

Extra attention is needed

  
invalid

This doesn't seem right

  
question

Further information is requested

  
wontfix

This will not be worked on

No labels
bug
documentation
duplicate
enhancement
good first issue
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: JcDenis/zoneclearFeedServer#2
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?