Please take our Survey
logo       
<prev   next>

Choosing A Webhost:
A web hosting service is a type of Internet hosting service that allows individuals and organizations to provide their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation. more...

SecChrootDir -> Premature end of script headers: msg#00012

apache.mod-security.user

Subject: SecChrootDir -> Premature end of script headers

Hello there,
I've got some Problems but at first some Informations:

Operating System:
Linux debian 2.4.27 #3 SMP Fri Oct 22 13:50:24 CEST 2004 i686 GNU/Linux

Server version: Apache/2.0.53
Server built: Feb 25 2005 08:29:30
Server's Module Magic Number: 20020903:9
Architecture: 32-bit
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/worker"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D HTTPD_ROOT=""
-D SUEXEC_BIN="/usr/lib/apache2/suexec2"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types"
-D SERVER_CONFIG_FILE="/etc/apache2/apache2.conf"

Compiled in modules:
core.c
mod_access.c
mod_auth.c
mod_log_config.c
mod_logio.c
mod_env.c
mod_setenvif.c
worker.c
http_core.c
mod_mime.c
mod_status.c
mod_autoindex.c
mod_negotiation.c
mod_dir.c
mod_alias.c
mod_so.c

My mod_security:
debian:/etc/apache2/mods-enabled# apt-cache show libapache2-mod-security
Package: libapache2-mod-security
Priority: optional
Section: web
Installed-Size: 128
Maintainer: Bruno Rodrigues
Architecture: i386
Source: libapache-mod-security
Version: 1.8.4-1.1
Depends: mod-security-common (= 1.8.4-1.1), apache2-common, libc6
(>=
2.3.2.ds1-4)
Filename:
pool/main/liba/libapache-mod-security/libapache2-mod-security_1.8.4-1.1_i386.deb
Size: 32874
MD5sum: e8dba8ed671ab0e8346aeef1619a1a0e
Description: Tighten the Web application security for Apache 2.x

Apache error log:
[Sat Mar 05 21:23:31 2005] [notice] mod_security: chroot checkpoint #1
(pid=7334 ppid=7332)
[Sat Mar 05 21:23:31 2005] [notice] mod_security: chroot checkpoint #2
(pid=7335 ppid=1)
[Sat Mar 05 21:23:31 2005] [notice] mod_security: chroot successful,
path=/chroot/apache
[Sat Mar 05 21:23:31 2005] [notice] Apache/2.0.53 (Debian GNU/Linux)
proxy_html/2.4 mod_perl/1.999.20 Perl/v5.8.4 configured -- resuming normal
operations
[Sat Mar 05 21:23:31 2005] [info] Server built: Feb 25 2005 08:29:30
[Sat Mar 05 21:23:31 2005]
[debug]
/home/adconrad/apache2/apache2-2.0.53/build-tree/apache2/server/mpm/worker/worker.c(1632):
AcceptMutex: sysvsem (default: sysvsem)
[Sat Mar 05 21:24:00 2005] [error] [client xxx] Premature end of script
headers: index.php

mod_security Debug log:
[05/Mar/2005:21:24:00 +0100] [xxx/sid#81afd70][rid#83dff70][/index.php]
sec_check_access, path=(null)
[05/Mar/2005:21:24:00 +0100] [xxx/sid#81afd70][rid#83dff70][/index.php]
Filtering off, switched off for path "(null)"
[05/Mar/2005:21:24:00 +0100] [xxx/sid#81afd70][rid#83dff70][/index.php]
Filtering off, switched off for path "(null)"
[05/Mar/2005:21:24:00 +0100] [xxx/sid#81afd70][rid#83dff70][/index.php]
find_last_request: start with 83dff70 "/index.php"
[05/Mar/2005:21:24:00 +0100] [xxx/sid#81afd70][rid#83dff70][/index.php]
sec_logger: start
[05/Mar/2005:21:24:00 +0100] [xxx/sid#81afd70][rid#83dff70][/index.php]
Audit log off here

There are no informations in the php log file.

System description:
Apache is used for normal Website Providing. Users could access their
Webspaces during FTP and upload HTML Sites, PHP and CGI Script, so that
their Pages are provided to the www. A mysql Server is also running.
PHP is configured to run as CGI with suPHP. This is provided by the
mod_suphp for apache.
I tried to configure Apache to run with mod_security and its SecChrootDir
Directive. But there must be the error. Either in mod_security or in
mod_suphp.
When I access a simple PHP Script, with the phpinfo() function I got the
following error in the apache log:

[Sat Mar 05 21:24:00 2005] [error] [client xxx] Premature end of script
headers: index.php

And a 500 Internal Server Error at the Browser.

Please help me, I don't know what I could do...

--
SMS bei wichtigen e-mails und Ihre Gedanken sind frei ...
Alle Infos zur SMS-Benachrichtigung: http://www.gmx.net/de/go/sms

--
DSL Komplett von GMX +++ Supergünstig und stressfrei einsteigen!
AKTION "Kein Einrichtungspreis" nutzen: http://www.gmx.net/de/go/dsl


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Just received Apache Security, bugtraq
Next by Date:  Re: SecChrootDir -> Premature end of script headers, Ivan Ristic
Previous by Thread:  Just received Apache Security, Christopher Cuevas
Next by Thread:  Re: SecChrootDir -> Premature end of script headers, Ivan Ristic
Indexes:  [Date] [Thread] [Top] [All Lists]

Google Custom Search
Recently Viewed:
hardware.arm.at...    cms.citadel.dev...    video.gstreamer...    java.facelets.u...    misc.basics.qna...    web.wiki.instik...    network.uip.use...    xdg.devel/2003-...    tex.bibtex.bibd...    finance.quotesp...    ietf.zeroconf/2...    redhat.blinux.g...    suse.db2/2003-0...    php.phpesp/2004...    uml.devel/2003-...    gnome.labyrinth...    qnx.openqnx.dev...    boot-loaders.gr...    db.dataperfect....    audio.audacity....    linux.uclinux.m...    editors.j.devel...    os.openbsd.tech...    kde.users.multi...   
Home | advertise | OSDir is an inevitable website. super tiny logo

Free Magazines

Cisco News
Receive a free quarterly e-newsletter with exclusive articles on how Cisco IT uses its own products and solutions to enable the business.
subscribe

Systems Management News, the newspaper for IT systems administration and data center managers! Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field.
subscribe

The Enterprise Newsweekly eWeek is the essential technology information source for builders of e-business.
subscribe

Oracle Magazine Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company.
subscribe

Total Telecom Total Telecom is "The Economist of the communications industry".
subscribe

Navigation