After solving couple of times the "500 Internal Server Error" problem as described in a previous post, I received another complaint from one of my clients I host:
"I also cannot save the articles and here is the error I got 500 - An error has occurred!"
Easy cake - I was thinking, but after checking his account, discovered, that all settings described on that article (namely the collation settings in database) where correct.
After digging around in logfiles and forums, I found another clue, and identified the potential problem: a setting in Apache's mod_security can cause the error. The short story is like this: The security module mod_security2 in Apache has special rules to filter possible SQL injections from POST commands. So, words like "DROP, SELECT, GRANT" etc (yeah, standard MySQL commands) in article content might trigger the protection rules. My client tried to post an article having the word "select". Changing that word to something else leaved me to save the article - so the culprit was identified!
From there, the fix was relative easy - but is not recommended if you aren't knowing PRECISELY what you are doing, or is not applicable if you have no ROOT access to the server. Hire a specialist - or talk to your server's support staff if you have this problem!
Back to the fix: The modsec rules having these side effects heve generally the ID 300013 through 300017 (cPanel world anyway). To fix the problem, you should disable these rules for the admin interface - and just there!!! - otherwise you open a security hole in your system. The fix is qualifies as a core hack, so be very cautious, when you apply the recommendations below!
The exact recipe is as follows:
- Open up /usr/local/apache/conf/modsec2/whitelist.conf with a text editor
- Add the following to the file:
- Restart Apache
- Test the result
This article is a proof that the fix is working - I tested and experimented the fix right on this site.