murilo, posted June 17, 2022

My PHP script is programmed to return a json-encoded error when certain $_GET parameters are empty, but instead it is returning Apache's default 403 Forbidden screen + Plesk's 500 Internal Server Error screen.

Right after, the following stuff appears in the server logs:

ModSecurity: Access denied with code 403 (phase 3). Match of "validateByteRange 0-31" against "ARGS:env" required. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] [line "6649"] [id "243420"] [rev "4"] [msg "COMODO WAF: Information disclosure vulnerability in Eclipse Jetty before 9.2.9.v20150224 (CVE-2015-2080)||murilo.heliohost.us|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "murilo.heliohost.us"] [uri "/nnidlt/api.php"] [unique_id "YqzLmsxfvqHEorQQS6SJXgAAARI"]

(20014)Internal error: mod_fcgid: ap_pass_brigade failed in handle_request_ipc function

Please help!
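Added example, not part of the original posts: a Python parser for the ModSecurity entry quoted in the post above, pulling out the rule id, phase, operator and matched variable that are needed to triage a suspected false positive. The function names and the phase-name table are this example's own; the sample line is copied from the post.

```python
import re

# The ModSecurity entry from the post above, copied verbatim as sample input.
SAMPLE = (
    'ModSecurity: Access denied with code 403 (phase 3). '
    'Match of "validateByteRange 0-31" against "ARGS:env" required. '
    '[file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf"] '
    '[line "6649"] [id "243420"] [rev "4"] [msg "COMODO WAF: Information '
    'disclosure vulnerability in Eclipse Jetty before 9.2.9.v20150224 '
    '(CVE-2015-2080)||murilo.heliohost.us|F|2"] [severity "CRITICAL"] '
    '[tag "CWAF"] [tag "OtherApps"] [hostname "murilo.heliohost.us"] '
    '[uri "/nnidlt/api.php"] [unique_id "YqzLmsxfvqHEorQQS6SJXgAAARI"]'
)

# ModSecurity processing phases (standard numbering).
PHASES = {"1": "request headers", "2": "request body", "3": "response headers",
          "4": "response body", "5": "logging"}

ACTION = re.compile(r'ModSecurity: (?P<action>.+?) with code (?P<status>\d{3}) '
                    r'\(phase (?P<phase>\d)\)')
MATCH = re.compile(r'Match of "(?P<operator>[^"]*)" against "(?P<variable>[^"]*)"')
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')  # [key "value"], escapes allowed

def parse_modsec(line):
    """Return the fields of one ModSecurity error-log entry as a dict."""
    rec = {"tags": []}
    for rx in (ACTION, MATCH):
        m = rx.search(line)
        if m:
            rec.update(m.groupdict())
    for key, value in FIELD.findall(line):
        if key == "tag":          # tags repeat, so collect them all
            rec["tags"].append(value)
        else:
            rec.setdefault(key, value)
    return rec

def summarize(rec):
    """One-line triage summary, or None if the line was not a rule hit."""
    if "id" not in rec or "phase" not in rec:
        return None
    return "rule {} ({} phase) returned {} for {}: {} on {}".format(
        rec["id"], PHASES.get(rec["phase"], "unknown"), rec["status"],
        rec.get("uri", "?"), rec.get("operator", "?"), rec.get("variable", "?"))

if __name__ == "__main__":
    print(summarize(parse_modsec(SAMPLE)))
```

The summary makes the rule's phase visible: phase 3 is evaluated on the response headers, after the PHP script has already run.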

Krydos, posted June 17, 2022

I found this on StackOverflow regarding that error:

> The warning has nothing to do with any of the Fcgidxxx options and is simply caused by client's closing their side of the connection before the server gets a chance to respond.

Source: https://stackoverflow.com/a/48468294/2336864

It sounds like maybe it's a client issue maybe? How long does your PHP script take to finish?

murilo (Author), posted June 17, 2022

Not really long. See yourself:

https://murilo.heliohost.us/nnidlt/api.php?env=production&user_id=Krydos
(Valid request.)

https://murilo.heliohost.us/nnidlt/api.php?env=production&user_id=
(Invalid request. The GET parameter user_id is required. The server should respond with 400 HTTP response code and a json-encoded message, but it doesn't for some reason and a weird Apache error occurs.)

I don't know what to do.

murilo (Author), posted June 17, 2022

I used to host that script in InfinityFree before I was moved to Plesk, and in there it works perfectly.

Krydos, posted June 17, 2022

30 minutes ago, murilo said:
> https://murilo.heliohost.us/nnidlt/api.php?env=production&user_id=Krydos (Valid request.)
> https://murilo.heliohost.us/niidlt/api.php?env=production&user_id= (Invalid request.)

First of all the working link has "nnidlt" and the invalid link has "niidlt" so that's why it's giving a 404 error.

The problem is this line:

http_response_code(400);

I commented that out and now it gives the expected JSON response.

https://murilo.heliohost.us/nnidlt/api.php?env=production&user_id=

It seems like Plesk is trying to give some custom error page for 400 errors for some reason. Not sure why. Does that script need to return a 400 error or is 200 response with the correct json error enough?

murilo (Author), posted June 17, 2022

9 minutes ago, Krydos said:
> First of all the working link has "nnidlt" and the invalid link has "niidlt" so that's why it's giving a 404 error.

Oh, sorry, my bad. I typed the link manually.

9 minutes ago, Krydos said:
> I commented that out and now it gives the expected JSON response. https://murilo.heliohost.us/nnidlt/api.php?env=production&user_id= It seems like Plesk is trying to give some custom error page for 400 errors for some reason. Not sure why. Does that script need to return a 400 error or is 200 response with the correct json error enough?

Hmm... weird. Yes, it's meant to give 400 since the JavaScript that pulls from that API looks for a response code different from 200 to display the error message. I can try using another response code I guess.