I'm running a site under IIS with PHP running in CGI mode. PHP was installed to a pre-existing site so a handler was setup for .html files to be parsed by PHP as well as .php files.
When a non-existent page with a .php extension is requested, a 404 is thrown and user is redirected to the custom 404 page, however when a non-existent page with a .html extension is requested the "No input file specified." error is shown.
I've searched this error and found potential solutions for similar issues but nothing that solves this particular boggle. Any ideas or pokes in the right direction would be much appreciated!
Try the Invoke handler only if request is mapped to file option for the handler under request restrictions.
First. Open "PHP Manager" and check warnings in yellow there. Follow advice there. There is a helpful page to resolve such issues from Microsoft at https://www.iis.net/learn/application-frameworks/install-and-configure-php-on-iis/using-php-manager-for-iis-to-setup-and-configure-php
Second. Check permissions to the folder of the app. User running AppPool should be given an access.
Hope it helps someone wandered here!
Related
I'm using a shared hosting service for my sites and there is a strange situation.
When any php page is accessed from a link (like Google search results page, etc), the page will not open.
The following error is shown:
"Forbidden you don't have permission to access / on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request."
If the same url is input directly into the browser, the page displays fine.
The situation is not the same for html extension pages, which open properly from links too.
I am not using any .htaccess file.
Permission for files is 644 (I've never changed anything).
This situation is something new, there was not such a problem in the past.
Any advice is welcome.
So I am trying to get Symfony working on my server by following these install instructions.
http://symfony.com/doc/current/book/installation.html#book-installation-permissions
I got to the part where I ran this command in console in the directory where I wanted the framework to be installed.
symfony new my_project_name
I then followed these instructions to set my web root directory to /web as I believe I'm supposed to do?
It installed all the files correctly since I can see them in the folder. I made sure to restart apache and I'm positive document root is in the correct location.
http://tecadmin.net/how-to-change-document-root-of-primary-domain-in-cpanel/#
Once I did this I was supposed to be able to test the installation, but nothing seems to happen except that 406 error?
This is the exact error I get.
An appropriate representation of the requested resource /app.php could not be found on this server.
Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
I'm not sure what else to do.
Please note, that since I'm using CPANEL I can't change the virtual host configurations of apache if that is the issue, so I'm looking for a CPanel specific answer. Thank you!
Okay so I finally figured out what to do, I had 2 problems. Because I installed as the 'root' user I had to run the following command on the symfony installation.
chown -R devdistribution:devdistribution .
In my case, my username is devdistribution but you would just put your own. Make sure to do this on the top level not just the /web folder.
I knew this was one of the errors because the apache log said something along these lines
Mismatch between target UID (520) and UID (501) of file "/home/devdistribution/public_html/distribution_tech/web/app.php"
This fixed the 500 error, but not the 406. To fix the 406 error you need to login into WHM and type modsecurity to find it in the search field.
go to the configuration option for it, you will see this.
Rules Engine SecRuleEngine
This setting controls the behavior of the rules engine.
Process the rules.
Do not process the rules.
Process the rules in verbose mode, but do not execute disruptive actions.
Select 'Do not process the rules'. Then save at the bottom. This fixed the issue for me and I was able to see the opening symfony screen!
However, this I'm sure leaves security vulnerabilities now...so I still need help on the proper way to handle mod security with symfony in this case if anyone knows? I'll make a separate question for this.
Step 1:
Login to your cPanel account and start searching for the file manager icon under the files section.
Step 2:
As always, you need to make sure, you see the public_html directory. Depending on the web hosting you have, you may also see the home directory after opening the file manager.
Step 3:
Find the .htaccess file and right-click to edit.
Step 4:
After choosing an edit option, you see a popup asking to disable encoding if you wish. You have to click on the Edit button to continue.
Step 5:
On a new tab, you can see many rewritten rules. You have to add the code to the .htaccess file.
<IfModule mod_security.c>
SecFilterEngineOff
SecFilterScanPOSTOff
</IfModule>
I have a Windows 7 laptop. I downloaded PHP 5.2.8. I downloaded Apache 2.2.
I ran the MSI for PHP install, which i know is not recommended but I tried multiple times the normal route without success.
I have apache running and it shows "Running all apache services". When i did the install i set it up for "localhost".
I checked the CGI checkbox in my control panel.
I placed a simple file, test.php , in C:\inetpub\wwwroot ... but when the file is double-clicked, it tries to download the file instead of opening it as a webpage.
I've been googling this for a couple of hours and cant find a suitable fix. I have cleared my cache, and still no luck.
I also set apache to listen on port 8080 just to be certain nothing else was using port 80 before hand.
Any Ideas??
Thanks!
update -- i was missing the php5apache2.dll ... i placed this in the PHP directory but still the same results. i have also tried browsing to the file location through IE which didnt change anything either unfortunately.
update again, - - DOH! - - didnt realize it was localhost/test.php or what the answer below was. when i do that, i get a server error page.. which is better than before i guess :)
Server Error in Application "DEFAULT WEB SITE"
HTTP Error 500.0 - Internal Server Error
An unknown FastCGI error occured
Module FastCgiModule
Notification ExecuteRequestHandler
Handler PHP
Error Code 0x8007010b
Requested URL http://localhost:80/test.php
Physical Path C:\inetpub\wwwroot\test.php
Logon Method Anonymous
Logon User Anonymous
Most likely causes:
•IIS received the request; however, an internal error occurred during the processing of the request. The root cause of this error depends on which module handles the request and what was happening in the worker process when this error occurred.
•IIS was not able to access the web.config file for the Web site or application. This can occur if the NTFS permissions are set incorrectly.
•IIS was not able to process configuration for the Web site or application.
•The authenticated user does not have permission to use this DLL.
•The request is mapped to a managed handler but the .NET Extensibility Feature is not installed.
when i try to start/run apache, it errors out. so when i run apache test configuration i get the following message:
httpd.exe: Syntax error on line 1 of C:/Apache/conf/httpd.conf: Cannot load C:/php/php5apache2_2.dll into server: The specified module could not be found.
However when i browse to that director, i do see that dll file there!! ugh...
ideas?
If you placed a file called test.php in C:\inetpub\wwwroot, then you would open your browser to http://localhost/test.php to try to execute the file.
The php5apache2.dll file needs to go in your module directory for apache, and you would need to add the appropriate apache config lines such as those below:
LoadModule php5_module "c:/path/to/php5apache2.dll"
AddHandler application/x-httpd-php .php
SetHandler application/x-httpd-php
After making those changes, you will need to restart apache.
Assuming you have PHP installed in Apache properly as mentioned in the other answers, it is possible the .php page is not sending the correct header. I have a .php file that emits a header with Content-Type: text/json, this is commonly used to provide a service for an Ajax client. The .php page should be sending Context-Type: text/html.
To determine if this is indeed the problem you can use wget with the -S option, or use developer tools in your browser. Take a look at this answer: Tool to view response headers
Double clicked? As in within explorer? If so, this won't open the page. You need to browse to the page. If you're within the directory listing for apache double clicking is not necessary.
As for setting up, if you're new your best bet is to use iis, easyphp, xampp, or some other variation
EasyPHP: http://www.easyphp.org/
Xampp: http://www.apachefriends.org/en/xampp.html
They'll get you running without the hassle
Background -
I have my website code hosted on a linux server. My website allows new registrations for employers (http://www.gymandspajobs.com/Employer/Employer.php). The filled-up forms are verified by JavaScripts in the folder "/javascript" and if the information is found ok, the data is submitted via JavaScript HTTP request object and the PHP file "somefile.php" kept in the folder "/somefolder" under the root directory does the database inserts.
Problem -
When a new user tried to register using Firefox (I tested in WinXP SP2, Firefox - v3.5.2), the HTTP response I used to get (which I tapped in my JavaScript file) was
"You don't have permission to access /somefolder/somefile.php on this server." .
Surprisingly, the same functionality worked perfectly well in IE7 and Chrome.
Latest Update on the Problem -
I contacted my web hosting guys and my problem seems to have been solved after I received this reply from them.
We have disabled mod_security for your domain to fix it. We have entered the below lines to the .htaccess file under the httpdocs directory for your domain. We have also verified and successfully able to submit the Employer registration without any issues. ~~~~~ SecFilterEngine off ~~~~~
Though the problem has got solved, I think making "SecFilterEngine off" may not be the best solution to this problem as it compromises security. Hence I asked the hosting guys if there is a way to keep mod_security ON and yet get my functionality to work...... here is their reply.....
Q. is there any way my code can work yet keeping mod_security ON?
Ans. It is possible. But it is not easy. You have to modify the code in the file in such a way that the URI should not have the pattern "!(^application/x-www-form-urlencoded$|^multipart/form-data;)" because we found this entry in the apache error logs -
mod_security-action: 403
mod_security-message: Access denied with code 403. Pattern match "!(^application/x-www-form-urlencoded$|^multipart/form-data;)" at HEADER("Content-Type")
I am using the HTTP object and POST method via JavaScript as -
http.setRequestHeader('Content-Type','application/x-www-form-urlencoded')
Please guide me as to what changes do I need to do in the above line of code so that mod_security can be kept ON and yet my registration form will work?
Thanks and Regards,
-Rupak Kharvandikar-
In this situation the best thing to do is to threat that specific warning as a false positive because it is. Remember that mod_security doesnt support content encoding and false positives is a very normal thing when you are dealing with WAF's.
Disabling all mod_security rules just for one false positive is dumb though. Look for the id of the rule that is getting triggered and disable it "SecRuleRemoveById". In my box I created an additional config to place all the rules i want to disable.
modsecurity_crs_60_myignores.conf
SecRuleRemoveById 960903
SecRuleRemoveById 970903
SecRuleRemoveById 970902
I managed to create an account in Firefox without any issues.
I'm on a VPS environment so I have root access, btw.
So take a look at these issues:
http://www.sonikastudios.com/wp-content/themes/sonikas/scripts/timthumb.php?src=/wp-content/uploads/tedleescreenshot1.jpg&w=100&h=100&zc=1&q=100
That returns a 404 error.
However when I move timthumb.php to the root of the site, it works.
I verified file/folder permissions, it's not the issue. Also, another PHP generated image that i use for Captcha, is doing the same thing...
So essentially it boils down to no .php files running from within folders. However this is not an issue otherwise because PHP scripts I have under /admin/ on other sites work fine.
So... what could cause this? Most forum articles I read lean towards a mod_security problem, but I don't even know where to start, as I'm not an apache expert.
As you have root access, try looking for what is happening in Apache logs. To follow latest request you can use tail.
Which version of Apache you are running? In my configuration of Apache 2.2 you can follow error log in terminal by invoking:
tail -f /var/log/httpd/error_log
It seems that default configuration of Apache 2.2 has error log in /usr/local/apache2/logs/error_log, so my configuration is not default.
If you do not have success with error log, try also looking for information in access log, default location at /usr/local/apache2/logs/access_log.
Same error can occur when the file it self is also writable. Make sure the file is 644 and NOT 666 !
Wordpress is probably using some mod_rewrite rules to send every request to its index.php. And there it’s analyzing the request and returning a 404 status code if one of its internals was requested.
This is a problem with your .htaccess file generated by WordPress. It redirects all requests for your site that aren't wp-admin/ or in your uploads directory to the index.php file for WordPress (the request handler that queries for posts, etc.)
In my case, the following PERMISSION changes solved the (Timthumb.php) issue:
The PHP script must be "644".
All of the parent directories must be "755"; Neither "775" nor "777".