Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Weird apache/PHP POST error

After a few hours of searching for the error, I've found a reproducable test. It uses a simple form:

<form name="test" method="POST" action="test.php">
  <textarea name="content"></textarea>
  <input name="submit" type="submit" value="send"/>
</form>

After filling the textarea with exactly substring((SELECT and hitting the button 'send' the server returns a general error: Connection with the server was reset while downloading I looked into http error_log but there are no reports for this.

Using:

Linux 2.6.32-220.23.1.el6.x86_64
Build Date  Jul 3 2012
Server API  Apache 2.0 Handler 
Apache Version  Apache/2.2.15 (CentOS) 
Apache API Version  20051115 
PHP Version 5.3.3

test.php has no PHP code there is only the form. If I rename the file to test.html and change action="test.html" the error remains the same.

Tested on FF 15 and Chrome 21, (ERR_CONNECTION_RESET)

Firebug: POST test.php Aborted 192.168.1.1 0 192.168.1.1:80


Is it possible that apache is filtering my POST data? I noticed that substring((SELECT is mentioned in several apache exploits. How can I disable this kind of filters?

I can not see any mod_security in my modules.

like image 972
user1517081 Avatar asked Sep 03 '12 09:09

user1517081


1 Answers

Make sure that

echo '<pre>';
var_dump(apache_get_modules());

Does not list mod_security or an other security related module.

like image 69
powtac Avatar answered Oct 13 '22 05:10

powtac