I have a website set up that uses a custom 404 error page. This seems to be working on most pages.
In fact, I have two different error pages that I want to show, and now a third that I just found out about.
This page, which does not exist, shows the correct error page that should be shown if a page cannot be found. This shows the error page as configured in my .htaccess file:
http://www.canadiancommuter.com/wontfindthis.php
This error page is generated from my PHP code if someone tries to access an old article that no longer exists in the database:
http://www.canadiancommuter.com/2334054466-some+old+article.html
However, this link, which will also generate a 404 error, shows a different error page (which usually includes advertising):
http://www.canadiancommuter.com/2012062500-TTC+asks+Ministry+of+Labour+to+treat+CNE+like+Rolling+Stones+concert%2FCaribana.html
I know the reason WHY this URL doesn't work. I purposely added characters to it to cause it to return a 404 error. My problem is that I can't figure out WHERE this other 404 error page is coming from.
It's not in my .htaccess file, the error page from my .htaccess file can be seen in the first link above.
It's not in my code. The only error page generated by the code itself can be seen in the second link above.
The only other places it could come from is my domain registrar, and my web host.
The domain is registered through one registrar, but points to my hosting account with another provider. The registrar says that because I'm just pointing the DNS for my domain to we web host the error page wouldn't come from them, but would come from my web host.
My web host says this error page isn't coming from them, but must be in my code.
I've heavily modified all of the code used for this site, so I'm pretty confident that the error page is not coming from there.
Does anyone have any ideas where I should look for this error page?
(Just a note, I'm not certain the registrar or the web host were entirely sure of what they were talking about, so I haven't ruled out either of them as being the source of this page. However, a thorough look through the administrative consoles for both do not reveal anything to this effect.)
Your pages are being served through a proxy running cloudflare-nginx which could be catching some 404 errors because slashes in either / or %2F form cause a different 404 page to be served.
Do you have an .htaccess rule that catches all of the possible 404 errors and not just the ones that match your filename scheme? If not, try setting one up. You could also try to run the site in a local server instance and see if the 404 pages behave as expected.
Edited because I mistakenly took characters produced by Transfer-encoding: chunked to be caused by misconfifguration
If (as you have already determined) your code doesn't generate the error page, then the "mysterious" 404 page comes either from the default websersver configuration (which is presumably controlled by your hosting provider) or indirectly from your DNS service (if your webserver redirects your browser to an unregistered domain, for example, then you may be redirected to a page which invites you to buy it).
The most straightforward way IMO to track this down is by using a browser equipped with machinery for tracking redirects (e.g. Firefox with the Firebug extension installed). If the error pages are indeed coming from your domain (and not a misspelling of it), then that implicates the default webserver configuration (and so presumably your hosting provider).
EDIT:
Re-reading the above I realize that I should clarify: your DNS service can't simply "redirect" you somewhere. If you find that typing a non-existing domain into your browser redirects you to a page with advertising then you can be fairly sure that it's your network connectivity provider that is inspecting your HTTP request, doing a DNS looking on your behalf behind the scenes, and redirecting you.
This is absolutely from your host provider!!
When %2F is given in url, nginx cannot handle that as an error (this might be a bug!) and it displays your host's default error page, you can see the same error on other websites hosted on the same server as your site:
http://aias-uic.org/not-found.html
http://halfdrawn.com/not-found.html
http://flyingmantis.com/not%2Ffound.html
...
and there are many other websites on the same server as your site! (you can check their IP to be sure)
The last one uses custom error page, so with %2F the mysterious error page is shown!
You can also disable your custom error pages for a while and you will probably get the mysterious error page!
Related
i have a really weird problem on a typo3 site.
The site currently runs on Typo3 4.6.6 (yeah i know we are in the process of upgrading it to 6.2 LTS)
In the backend we have 3 separate pages. The webspace where this site runs was currently upgraded to PHP 5.5. Nothing else has changed (as far as we know)
The problem is that on certain pages we get redirected to a https version of the same page, although the link is a http link.
See for instance here: http://www.phd-cell-signaling.at/home.html
If you open this it loads fine. But as soon as you click on a (http) link on the site, you get redirected to an https version hence the browser doesn't load all the stuff included via http (stylesheets for instance). But when you then delete the "s" from the address bar and hit enter you don't get redirected. And this is something i don't really understand.
And if that'd be a general issue shouldn't the other pages in the same typo3 environment also be affected? Or am i missing something here.
Since I'm not that familiar with typo3 it would be greatly appreciated if somebody could link me in the right direction where the problem could be.
We use realURL for example. But I checked the configuration i found and it doesn't appear to do anything that causes the redirect.
I also checked the typoscript configuration of all the pages in the backend with no success.
Are there any other plugins that might cause something like this?
Any help greatly appreciated.
When you follow a link on the page you posted, then the webserver returns the statuscode 301 (moved permanently) with the new location for that page (which is the requested page with the HTTPS scheme).
When TYPO3 is properly configured for SSL usage for single pages (so a backend user can use "Choose protocol" selectbox in the backend), then it already renders affected links with the proper scheme.
Your problem described can have multiple reasons. Please check the following:
Inspect the .htaccess file in the root directory of the TYPO3 website for any scheme redirects
Check if the webserver itself has configured scheme redirects for that virtual host
Goto the TYPO3 extension manager and search for local installed HTTPS or SSL redirection extensions
I'm new to moodle environment and I'm having this error:
Not Acceptable!
An appropriate representation of the requested resource could not be
found on this server. This error was generated by Mod_Security.
I haven't done anything, I'm just viewing the registered users in my website:
http://www.joyfementira.com/dnsc/it14lms I've noticed that my profile picture is not properly loaded so I clicked on it (picture's position), and after that the error came out.
What probably caused this error and how would I fix it?
I was experiencing same issue with my WP site shared-hosted in HostMonster. I resolved simply by accessing to the server via SSH and added the following lines on the .htaccess file :
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
Just to add to the answers. If this happens while you are trying to login to a WordPress website admin and you are using any type of VPN on your machine, you'd have to turn it off to solve the problem.
If you turn off your VPN, you'd be able to login without experiencing the issue.
Apache has a mod_security tool that tries to block SQL injections by url. This rule is also blocking some real urls. The solution is:
access WHM in your dedicated server
search for mod_security tools
check if it's blocking some urls
click in the rule id
click in deploy and Restart Apache
if you don't have access to WHM in your server. Pass this issue to your server administrator.
This is the rule that was blocking my urls
SecRule REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer "\b(\d+) ?= ?\1\b|\'\"[\'\"] ?= ?[\'\"]\2\b" \
"phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'SQL Injection Attack',id:'959901',tag:'WEB_ATTACK/SQL_INJECTION',logdata:'%{TX.0}',severity:'2'"
This error will appear in some sites if cookies are turned off and mod_security requires cookies to match session data. It is suppossed to make things more secure... it ends up just annoying. Especially because web indexing crawlers like googleBot and other search engines do not use cookies, so THEY see this error instead of your site.
Do you have experience in setting up servers? Is this hosted by yourself or is it a shared hosting package?
The reason I ask is because this is a server-side (Apache) issue.
First, make sure your .htaccess file doesn't have any silly rules in it. The error arises because the server is denying access.
Second, make sure your file permissions are set up correctly. Generally speaking, you want directories to be 7/0/0 or 7/5/0 and files to be 6/0/0 or 6/4/0.
Read this for more details on Moodle security guidelines.
As for the profile picture issue, I'm not entirely sure what you're referring to so unfortunately I'm unable to answer that question. I doubt the two issues are related from the sounds of things.
I'm writing scripts to communicate from one server to another and I don't own either servers and cannot change any settings. I was getting the Not Acceptable error with some embedded URLs but not others. For example this one gets Not Acceptable:
http://magic.kayaker.net/simlink.php?avname=http://junk.com
While this one does not:
http://magic.kayaker.net/simlink.php?name=http://junk.com
(fails whether I escape the query or not) The second one gets an unknown command, which is an error my script generates, the first one returns the not acceptable without ever running my php script.
My solution has been to strip the http:// off all URLs and have the scripts on both ends put it back on.
In my case, I received this error when sending to viewer file wrong path to the file it needed to view.
err: example.com/subDir/myViewer.php?file=%27../../myImages/myFile.gif%27
fix: example.com/subDir/myViewer.php?file=%27../myImages/myFile.gif%27
It had the same problem when enter a link in a form.
It's is not the http:// or https://
In the form i had
<input type='text' name='demo'>
The name='demo' wasn't accepted anymore. I altered name='demo' into name='link' and solve it.
Most of the time this error occurs due to location. in my case, that was also an IP issue.
Use any FREE VPN to fix this issue for a permanent solution you can contact your hosting provider to white list your IP.
I had the same error when submitting a form to insert values into a database. The issue was that one of the form inputs was a link (with https). Once I took that input out, the error stopped showing up.
...In my case I was trying to save a Wordpress menu, with a link that pointed to #process (a divĀ“s ID)...changed the #process to #ourprocess and it worked...
pretty strange if you asked me, but as real as it gets, I was able to replicate the issue more than 10 times. It is definitely the URL of the link that is blacklisted...
so, if you are using Wordpress in a shared hosting (in my case is Bluehost) it could be this... or something similar.
If this is on WordPress, You just need to contact your hosting provider, They will white list your IP
For me it was a missing Content-Type header in my Insomnia requests!
Shout out to this blog post:
https://clay-atlas.com/us/blog/2021/10/17/wordpress-en-not-acceptable-mod-security/
Using HTTP header in request helped in my case
headers = {'user-agent': ...}
requests.get(url, headers=headers)
Encountered same issue today.
I was trying to access wordpress admin dashboard with browsec vpn turned on.
I turned it off and issue was resolved in seconds.
We are developing a PHP webapplication. Lately our apache logs show that Apache serves a 404 error page for a particular case. The logs indicate that the HTTP_REFERER is: http://ourhost.com?gclid=some_id. The REQUEST_URI is: /cache/some_other_id.
Our webapplication is build with symfony 1.4. Our webapplication does not serve any pages beginning with /cache, it therefore serves a 404 page. The webapplication also does not serve pages containing a link to /cache/some_other_id.
Why does Google (crawler) try to visit URLs beginning with /cache?
How should we handle these 404 errors?
It would seem it is this issue. Basically, some kind of browser extension making such requests... There is a suspicion of "Browser Companion Helper", part of "Ginyas Browser Companion" doing the requests.
I don't see much that can be done about it from the server side, except possibly advise a user that they have malware on their browser.
Suddenly, my images are not showing up on my site when accessing https pages. No change in my code. My host did have to recompile their ftp service with SSL support after my request (so I could ftpes my site). Can't thing of anything else that would affect my SSL cert. Same thing happens on FF and IE and on different computers.
If I go to your website ( https://www.scfootball.org/ ), I don't see the images, as you said : I get a 403 (Forbidden) error for each one of those -- I can see this using the "Net" tab of the Firefox extension Firebug, for instance.
If I try to see an image directly, without going trough the site (for instance : https://www.scfootball.org/widgets/GulloParkHeader.png ), then, I can see the image.
If you try, make sure you copy-paste the URL to a new tab/window, and not just click on it
Which means there is some kind of trouble between the website and the access to the images ; not on the images themselves.
If I disable the referer in firefox (the web developper toolbar extension allows that easily) and refresh your website's webpage, the images appear.
If I re-enable the referer, and refresh again, then the images don't appear anymore.
Which means there is something, related to the referer, that prevents the images from being sent, and returns a 403 error instead.
Just a wild guess : maybe there's a .htaccess in your widgets directory (or somewhere else) that prevents images from being served, if the referer doesn't correspond to a specific domain ?
Considering the images are displayed on the site when I access it without HTTPS (i.e. with an URL such as http://www.scfootball.org/index2.php ), maybe there is a "protection" in place so your images are not displayed if the Referer is not that non-https website... And that "protection" has not been updated when you switched to HTTPS ?
(I've seen that kind of "protection" used to prevent hot-linking of images, for instance)
This is an old post but, it could be hotlink protection too.
If you turn it on an allowed alias for a http:// domain you gotta for its https:// too, otherwise itll deny your images from being called to client.
I used DJango API to test locally, everything is normal, after deploying SSL, the interface access is normal, but the picture shows 404
Yeah, "not showing up" is a little vague. If the HTML is served by HTTPS and the images are still being served by HTTP, there's a little security leak inherent in the page, which your browser may deal with in one of several, largely ineffectual, ways.
I am developing a website in php.
when a user types a page which is not in my site, i want users to redirect to a page with an error message.
how can i identify such things and how can i do this??
Thanks.
If you're using Apache web server, you get this functionality for free. No need to implement it yourself. If the web server cannot find an resource it sends the client an HTTP 404 error (not found). Actually, pretty much any web server that correctly implements HTTP (1.0 or 1.1) will behave this way. Additionally, in Apache, you can customize the 404 page.
If you're using Apache, here's instructions:
http://www.thesitewizard.com/archive/custom404.shtml
This is not really a php feature, but more of a feature of your web server. In IIS you can configure the error page to go to a custom url. In apache i think you can usr mod_rewrite to achieve the same thing
Other than what others said this might be of some help too "Custom 404 Error" if you are using Apache.
If some script is launched on all of your pages (it can me unit, which is always included) you can make a check there. You should write there all of your available pages and if the required page is not in the list - you can show person, that he/she was wrong.
Sometimes the list of pages is jept in database. Most CMS-systems are based on that.