String "fwrite();" causes 503 error (Passenger or apache?)

Hi,

While testing a rails application on DreamHost (mod_rails), I found a
really weird problem.

If I submit form data which includes “fwrite();” (with semi-colon but
without quotes), I get a 503 error (Server temporarily unavailable).
I checked out the rails log file and it didn’t even reach the rails app.
I assume the error was from the web server.

You may test this at http://test.codepremise.com/posts.
Just add or edit a row and write “fwrite();” in the body field and
submit.

Any idea?

Sam

I just got a reply from Dreamhost tech support.
It’s related to mod_security rules.


It appears that the fwrite in test.codepremise.com/posts triggered one
of our mod_security rules as the following is listed in your error log:

[Thu Jun 12 17:16:48 2008] [error] [client 75.31.73.251] mod_security: Access denied with code 503. Pattern match “(chr|fwrite|fopen|system|echr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)\\(.*\\)\\;” at POST_PAYLOAD [severity “EMERGENCY”] [hostname “test.codepremise.com”] [uri “/posts/1”] [unique_id “MZo6DEPNFE8AAFRPBTUAAAAD”]

As a workaround, you can turn off mod_security for that sub-domain. Just
go to Sign in · DreamHost, click
on the Edit button under “Web Hosting” for test.codepremise.com and
uncheck the box for “Extra Web Security?”.
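
For triage of a block like the one quoted above, the following Python sketch (an added example, not part of the thread and not DreamHost's tooling) parses the log entry, recovers the rule's regular expression, and runs it over a few constructed form values to show which text the rule flags. It assumes the doubled backslashes in the log are error-log escaping and that the rule is applied as an unanchored, case-sensitive search over decoded field text; the function names are hypothetical.

```python
import re

# Log entry from the post above: wrapped lines rejoined, typographic quotes
# normalised to straight quotes.
LOG_LINE = (
    '[Thu Jun 12 17:16:48 2008] [error] [client 75.31.73.251] mod_security: '
    'Access denied with code 503. Pattern match '
    '"(chr|fwrite|fopen|system|echr|passthru|popen|proc_open|shell_exec|exec|'
    'proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|'
    'apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|'
    r'posix_setuid|phpinfo)\\(.*\\)\\;" at POST_PAYLOAD [severity "EMERGENCY"] '
    '[hostname "test.codepremise.com"] [uri "/posts/1"] '
    '[unique_id "MZo6DEPNFE8AAFRPBTUAAAAD"]'
)

ENTRY = re.compile(
    r'Access denied with code (?P<code>\d+)\. '
    r'Pattern match "(?P<pattern>.*)" at (?P<location>\w+)'
    r'.*?\[uri "(?P<uri>[^"]*)"\]'
)

def parse_entry(line):
    """Pull status code, rule pattern, match location and URI out of a log entry."""
    m = ENTRY.search(line)
    if m is None:
        raise ValueError("not a mod_security pattern-match entry")
    fields = m.groupdict()
    # Assumption: the doubled backslashes are error-log escaping, so halve them.
    fields["pattern"] = fields["pattern"].replace("\\\\", "\\")
    return fields

def matched_text(pattern, body):
    """Return the substring of body the rule matches, or None if it passes."""
    m = re.search(pattern, body)
    return m.group(0) if m else None

# Constructed form-field values (decoded text), not taken from the thread.
SAMPLES = [
    "fwrite();",
    "fwrite()",
    "Call fwrite($fp, $data); to save the file.",
    "The ecosystem(s) we studied (see above); more later.",
]

if __name__ == "__main__":
    rule = parse_entry(LOG_LINE)
    print(rule["code"], rule["location"], rule["uri"])
    for body in SAMPLES:
        print(repr(body), "->", matched_text(rule["pattern"], body))
```

The last sample shows that the rule has no word boundary before the function names and uses a greedy `.*`, so ordinary prose containing "system(" followed later by ");" is rejected as well.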