Go to main content

Navigation menu

Textpattern CMS support forum

You are not logged in. Register | Login | Help

  1. Index
  2. » Archives
  3. » bad request error when getting started with pages

Pages: 1

#1 2009-02-22 15:04:57

daphna
Member
Registered: 2009-02-22
Posts: 18

bad request error when getting started with pages

Hi,
just dloaded and installed textpattern.

following the getting started instructions from the textbook wiki (http://textbook.textpattern.net/wiki/index.php?title=Textpattern_First_Steps#Task_4_-_Set_Defaults_For_Testing)

when trying to “copy the page as defaultpage” my error happens

when i press the “copy” button, what i get is this :
________________________________________________
title of page is: “400 Bad Request” /

Bad Request Your browser sent a request that this server could not understand.

Client sent malformed Host header
————————————————————-
Web Server at justatest.org

________________________________________________

Does anyone know how to overcome this?
thanks in advance.
daphna

Offline

#2 2009-02-22 18:54:19

ruud
Developer Emeritus
From: a galaxy far far away
Registered: 2006-06-04
Posts: 5,068
Website

Re: bad request error when getting started with pages

Check your webserver error/access logs for clues. Could be a mod_security issue.

Offline

#3 2009-02-23 08:25:39

daphna
Member
Registered: 2009-02-22
Posts: 18

Re: bad request error when getting started with pages

hi, thx.

the server support guy says indeed it seems that this is the issue, he suggested that i post this from the error log, and maybe you would be able to help, cause he said these security setting on the server are usually unchangeable…

so here is a chunk of the error log code…(the *** are obviously instead of the name)

__________________________________________

Mon Feb 23 08:41:38 2009] [error] [client 193.37.128.111] ModSecurity: Access denied with code 400 (phase 2). Pattern match “(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.01)|<(?:html|meta)\\\\b)” at ARGS:html. [id “950911”] [msg “HTTP Response Splitting Attack. Matched signature <<html>”] [severity “ALERT”] [hostname “******.co.il”] [uri “/textpattern/index.php”] [unique_id “S2kdm38AAAEAAEWRIw8AAAAR”]
[Mon Feb 23 08:56:07 2009] [error] [client 193.37.128.111] ModSecurity: Warning. Pattern match “(?:\\\\b(?:(?:type\\\\b\\\\W*?\\\\b(?:text\\\\b\\\\W*?\\\\b(?:j(?:ava)?|ecma|vb)|application\\\\b\\\\W*?\\\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder)\\\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|down|up)|c(?: …” at ARGS:html. [id “950004”] [msg “Cross-site Scripting (XSS) Attack. Matched signature <<meta>”] [severity “CRITICAL”] [hostname “******.co.il”] [uri “/textpattern/index.php”] [unique_id “fyy8lH8AAAEAAEWSJX8AAAAS”]
[Mon Feb 23 08:56:07 2009] [error] [client 193.37.128.111] ModSecurity: Warning. Pattern match “(?:\\\\b(?:(?:type\\\\b\\\\W*?\\\\b(?:text\\\\b\\\\W*?\\\\b(?:j(?:ava)?|ecma|vb)|application\\\\b\\\\W*?\\\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder)\\\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|down|up)|c(?: …” at ARGS:html. [id “950004”] [msg “Cross-site Scripting (XSS) Attack. Matched signature <<meta>”] [severity “CRITICAL”] [hostname “******.co.il”] [uri “/textpattern/index.php”] [unique_id “fyy8lH8AAAEAAEWSJX8AAAAS”]

__________________________________________

:-/? thanks

Offline

#4 2009-02-23 14:15:35

ruud
Developer Emeritus
From: a galaxy far far away
Registered: 2006-06-04
Posts: 5,068
Website

Re: bad request error when getting started with pages

Try putting this in a .htaccess file within the textpattern directory:

<IfModule mod_security.c>
SecFilterScanPOST Off
</IfModule>

Offline

#5 2009-02-23 15:11:47

daphna
Member
Registered: 2009-02-22
Posts: 18

Re: bad request error when getting started with pages

i tried but i still get this error :(

____________________

[Mon Feb 23 15:49:44 2009] [error] [client 193.37.128.111] ModSecurity: Access denied with code 400 (phase 2). Pattern match “(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.01)|<(?:html|meta)\\\\b)” at ARGS:html. [id “950911”] [msg “HTTP Response Splitting Attack. Matched signature <<html>”] [severity “ALERT”] [hostname “*****.co.il”] [uri “/textpattern/index.php”] [unique_id “RmQuHX8AAAEAAG9IeG8AAAAR”]
____________________

btw – i know almost nothing about these things , but if it does matter or related somehow – 2 things:

1. my coda is showing my htaccess as “extensionless” – if its supposed to have some kind of extension, currently it does not.
2. i have no idea if this changes for anything, but my computer is using some “forwarding” so that other users see the site regularly while i work on it.
thx…

Offline

#6 2009-02-23 16:03:16

ruud
Developer Emeritus
From: a galaxy far far away
Registered: 2006-06-04
Posts: 5,068
Website

Re: bad request error when getting started with pages

1. It should be extensionless, that’s fine.
2. I don’t think that causes this.

Try this adding this to that .htaccess:

SecFilterEngine On
SecFilterSelective "POST_PAYLOAD" "<html" "allow,nolog"

And if that doesn’t work, just insert this line instead:

SecFilterEngine Off

Offline

#7 2009-02-23 16:18:16

daphna
Member
Registered: 2009-02-22
Posts: 18

Re: bad request error when getting started with pages

still no luck, r we giving up? :-/

Offline

#8 2009-02-23 17:55:38

els
Moderator
From: The Netherlands
Registered: 2004-06-06
Posts: 7,458

Re: bad request error when getting started with pages

daphna wrote:

my coda is showing my htaccess as “extensionless”

Are you sure you named it .htaccess (with a dot)?

Offline

#9 2009-02-23 20:55:49

ruud
Developer Emeritus
From: a galaxy far far away
Registered: 2006-06-04
Posts: 5,068
Website

Re: bad request error when getting started with pages

What is in your .htaccess file now?

Offline

#10 2009-02-24 08:05:53

daphna
Member
Registered: 2009-02-22
Posts: 18

Re: bad request error when getting started with pages

Hi,

Els – my ht has the dot – so much that if i dont ask coda to show invisible files it wont show.

ruud – this is what i have …
i deleted your prior suggestions,
i tried before adding them both in the end, or before the closing last#phpline, maybe i was supposed to put it instead of someth?
thx again.
————————————
#DirectoryIndex index.php index.html

#Options +FollowSymLinks
#Options -Indexes

<IfModule mod_rewrite.c> RewriteEngine On #RewriteBase /relative/web/path/

RewriteCond %{REQUEST_FILENAME} -f [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^(.+) – [PT,L]

RewriteCond %{REQUEST_URI} !=/favicon.ico RewriteRule ^(.*) index.php

RewriteCond %{HTTP:Authorization} !^$ RewriteRule .* – [E=REMOTE_USER:%{HTTP:Authorization}]
</IfModule>

#php_value register_globals 0
——————————-

Offline

#11 2009-02-24 10:55:04

ruud
Developer Emeritus
From: a galaxy far far away
Registered: 2006-06-04
Posts: 5,068
Website

Re: bad request error when getting started with pages

I’m out of idea’s. Have you contacted your hosting provider for advice?

Offline

#12 2009-02-24 12:53:05

daphna
Member
Registered: 2009-02-22
Posts: 18

Re: bad request error when getting started with pages

thx, after “applying pressure” again on my hosting provider they are transferring me to a more “cms-friendly” server, hopefully it will work ok,

anyways, as a new user, happy to see textpattern has a helpful forum :)

Offline

Pages: 1

  1. Index
  2. » Archives
  3. » bad request error when getting started with pages

Board footer

Powered by FluxBB