I am having the strangest error come up on a site that I am working on. For a while we have had the site in admin only view so we could work on things without any users logging in. Was fine during this phase.
Today we opened up the site to a handful of people to sign up and test the site out. As people started coming in however, every user was getting this error:
"can't open file" with a white screen
The error first pops up when the user tries to register and gets to the final page. This is the part that is supposed to tell the user that a email confirmation link has been sent to them.
Once this error pops up, the error will continue to display for all pages until they clear their cache.
Changes that were done:
1: Prior to opening the site up, the .htaccess was edited to prompt a initial login box (this was done to prevent others from accessing the site while we were moving to a 'beta' phase). I also added a .htpasswd file that contained the details for the users to enter to get to the site. I have tried to delete this edit thinking that it was this acting up, but did not work, error was still displaying.
2: Checking and repairing the joomla session table within the database - my thoughts were that perhaps it was a session issue since it was triggered when the user went to sign up and complete the registration process. This did not work.
3: One of the components that we were using needed a custom edit to the session.php file. "/libraries/joomla/session/session.php" - I reverted this file back to the original, however the error still comes up. Did this, thinking it was session related as the point above)
4: I cleared all cache and purged all expired cache, this had no effect. I also cleared all cache as I did the previous 3 items as well.
So now I am completely stumped on how to go ahead and get this working correct. The error that displays is VERY vague and leaves no information other than it 'can't open file'
Joomla Version: Joomla! 3.4.8 Stable
PHP Version: 5.6.16
Web Server: LiteSpeed
Community Component: EasySocial
Subscription Component: PayPlans
We've sorted this now I think. Looking in the logs one of the site plugins was using the ftp layer to open a file which had been created directly by Apache, and so the permissions didn't allow it.
I've change the permissions now and the error condition seems to have gone.
I'm new to moodle environment and I'm having this error:
Not Acceptable!
An appropriate representation of the requested resource could not be
found on this server. This error was generated by Mod_Security.
I haven't done anything, I'm just viewing the registered users in my website:
http://www.joyfementira.com/dnsc/it14lms I've noticed that my profile picture is not properly loaded so I clicked on it (picture's position), and after that the error came out.
What probably caused this error and how would I fix it?
I was experiencing same issue with my WP site shared-hosted in HostMonster. I resolved simply by accessing to the server via SSH and added the following lines on the .htaccess file :
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
Just to add to the answers. If this happens while you are trying to login to a WordPress website admin and you are using any type of VPN on your machine, you'd have to turn it off to solve the problem.
If you turn off your VPN, you'd be able to login without experiencing the issue.
Apache has a mod_security tool that tries to block SQL injections by url. This rule is also blocking some real urls. The solution is:
access WHM in your dedicated server
search for mod_security tools
check if it's blocking some urls
click in the rule id
click in deploy and Restart Apache
if you don't have access to WHM in your server. Pass this issue to your server administrator.
This is the rule that was blocking my urls
SecRule REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer "\b(\d+) ?= ?\1\b|\'\"[\'\"] ?= ?[\'\"]\2\b" \
"phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'SQL Injection Attack',id:'959901',tag:'WEB_ATTACK/SQL_INJECTION',logdata:'%{TX.0}',severity:'2'"
This error will appear in some sites if cookies are turned off and mod_security requires cookies to match session data. It is suppossed to make things more secure... it ends up just annoying. Especially because web indexing crawlers like googleBot and other search engines do not use cookies, so THEY see this error instead of your site.
Do you have experience in setting up servers? Is this hosted by yourself or is it a shared hosting package?
The reason I ask is because this is a server-side (Apache) issue.
First, make sure your .htaccess file doesn't have any silly rules in it. The error arises because the server is denying access.
Second, make sure your file permissions are set up correctly. Generally speaking, you want directories to be 7/0/0 or 7/5/0 and files to be 6/0/0 or 6/4/0.
Read this for more details on Moodle security guidelines.
As for the profile picture issue, I'm not entirely sure what you're referring to so unfortunately I'm unable to answer that question. I doubt the two issues are related from the sounds of things.
I'm writing scripts to communicate from one server to another and I don't own either servers and cannot change any settings. I was getting the Not Acceptable error with some embedded URLs but not others. For example this one gets Not Acceptable:
http://magic.kayaker.net/simlink.php?avname=http://junk.com
While this one does not:
http://magic.kayaker.net/simlink.php?name=http://junk.com
(fails whether I escape the query or not) The second one gets an unknown command, which is an error my script generates, the first one returns the not acceptable without ever running my php script.
My solution has been to strip the http:// off all URLs and have the scripts on both ends put it back on.
In my case, I received this error when sending to viewer file wrong path to the file it needed to view.
err: example.com/subDir/myViewer.php?file=%27../../myImages/myFile.gif%27
fix: example.com/subDir/myViewer.php?file=%27../myImages/myFile.gif%27
It had the same problem when enter a link in a form.
It's is not the http:// or https://
In the form i had
<input type='text' name='demo'>
The name='demo' wasn't accepted anymore. I altered name='demo' into name='link' and solve it.
Most of the time this error occurs due to location. in my case, that was also an IP issue.
Use any FREE VPN to fix this issue for a permanent solution you can contact your hosting provider to white list your IP.
I had the same error when submitting a form to insert values into a database. The issue was that one of the form inputs was a link (with https). Once I took that input out, the error stopped showing up.
...In my case I was trying to save a Wordpress menu, with a link that pointed to #process (a div´s ID)...changed the #process to #ourprocess and it worked...
pretty strange if you asked me, but as real as it gets, I was able to replicate the issue more than 10 times. It is definitely the URL of the link that is blacklisted...
so, if you are using Wordpress in a shared hosting (in my case is Bluehost) it could be this... or something similar.
If this is on WordPress, You just need to contact your hosting provider, They will white list your IP
For me it was a missing Content-Type header in my Insomnia requests!
Shout out to this blog post:
https://clay-atlas.com/us/blog/2021/10/17/wordpress-en-not-acceptable-mod-security/
Using HTTP header in request helped in my case
headers = {'user-agent': ...}
requests.get(url, headers=headers)
Encountered same issue today.
I was trying to access wordpress admin dashboard with browsec vpn turned on.
I turned it off and issue was resolved in seconds.
I have an OpenCart shop running on two different servers (development and staging of the exact same site). On Server #1 everything is working as expected, but on Server #2 I'm all of a sudden seeing the parameter CSRF_TOKEN=xxxxxxx appended to various but not all URLs.
Where is this coming from???
For example, if I press the "Add to cart"-button jQuery throws the following exception:
Error: Syntax error, unrecognized expression: ?CSRF_TOKEN=xxxxxxx
I'm also getting a bunch of other errors, all due to this mysterious CSRF_TOKEN.
If I hover over certain links, I see the the CSRF_TOKEN as part of the URL but it's not in the source code but somehow ends up in client.
I´m running Apache version 2.2.29 and PHP 5.4.32. I have no idea where this is coming from or what to do about it - Any ideas on what is going on here?
My hosting provider confirmed that it was an security rule on the server causing the issue and helped me resolve it.
I have one site in drupal and abruptly site hit is giving error as "This webpage has a redirect loop".
The webpage at http://example.com/install.php has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.
Here are some suggestions:
Reload this webpage later.
Learn more about this problem.
Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many
redirects.
can any one tell where I am going wrong?
Try to upload a static HTML file to the same directory and try to access this file via HTTP. If it gives you the same error, then it's the directory permission.
The common cause is that you don't have the permission to browse the folder. You can fix it by giving execute permission for everyone.
I had the same error message. I found this issue on drupal.org from which I got the idea to look for install.php that had been deleted by Softaculous (automated installation software).
Copying install.php from a freshly downloaded package solved the problem.
I just recently had this issue today working on a dev site. Only the front page was resulting in a "Too Many Redirects" error, all other pages for the site worked correctly. Turned out to be an issue related to the hosting, turned off caching and everything worked out fine.
I am running a site on php with a mysql backend. Things have been fine but suddenly one users account started getting a 500 error. Each user has his own profile when they log into the any box so his internet explorer settings are the same no matter what box he logs on to. Does anyone know if this could be an internet explorer setting causing this? I have tried to debug everything on the client side and no matter what I do he is getting rejected. No other account is having this issue. I am not really an SA but the only thing I think it can be at this point is some setting within his profile which is causing this. This is also happening on firefox but instead of a 500 error I am getting a blank white screen. (I assume friendly error messages are turned on)
The issue had to do with a permission not properly set in one of the log folders. The system was trying to write to the log folder and for some reason that particular user was not set to have write access. The problem was impossible to track down but thanks for the help.
If this is programming related, it might help turning error displaying on in php, using error reporting:
<? error_reporting(E_ALL); ?>
Could be the browser acting up, sending weird headers or mangling requests because of addons or malware.