weird-500-internal-server-error-on-wordpress-resolved

Weird 500 internal server error on WordPress – Resolved!

The recent CentOS 5.x systems have mod_security built in and the 2.x doesn’t allow overriding it on .htaccess and this causes a lot of heartbreaks to folks that want some basic things done on wordpress and a lot of other software. This post deals with getting around it for wordpress.

You post something really harmless and you are shown a 500 error page. The local error_log contains nothing in it and you need the server access (root) and if you don’t have it, I don’t think you’re getting anywhere. Stuff explained here on would require shell access. I’m thinking of doing one for using SSH but at a later date. From here on, I assume that you have root access to the server and know how to work with shell access.

Here’s what you do – locate the error_log on the system. Shell into your machine as root.

grep ErrorLog /etc/httpd/conf/httpd.conf

It should tell you where the file is and the next step you need to invoke the error – reproduce the 500 error so that we have it at the tail of the file and

tail /etc/httpd/logs/error_log

You will notice something like — for obvious reasons, I’m not including the whole thing

ModSecurity: Access denied with code 500 (phase 2). 
Pattern match "((alter|create|drop)[[:space:]]+
(column|database|procedure|table)|delete[[:space:]]+from|update.+set.+=)" 
at ARGS:content. 
[file "/usr/local/apache/conf/modsec2.user.conf"] 
[line "352"] [id "300015"] [rev "1"] [msg "Generic SQL injection protection"]
 [severity "CRITICAL"]

What we found here is the security that it is trying to prevent you from doing some SQL injection stuff – Let’s not go into the details – I didn’t even bother to – All that we need to locate is the whitelist file where we’re going to add some stuff.

nano /usr/local/apache/conf/modsec2.user.conf

should tell you the location of the whitelist at /usr/local/apache/conf/modsec2/whitelist.conf – Press Control-X to exit the editor. I used the editor so that you’ll notice the location which is right on top – 3rd line or so.

nano /usr/local/apache/conf/modsec2/whitelist.conf

To this, we’re going to add a set of rules that would allow WordPress to work as desired. I took this from a blog post. In fact, I’ve only added some bells and whistles to what this genius has done already.

# Added for Worpress Operations

  SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
  SecRuleRemoveById phpids-17
  SecRuleRemoveById phpids-20
  SecRuleRemoveById phpids-21
  SecRuleRemoveById phpids-30
  SecRuleRemoveById phpids-61


  SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
  SecRuleRemoveById phpids-17
  SecRuleRemoveById phpids-20
  SecRuleRemoveById phpids-21
  SecRuleRemoveById phpids-30
  SecRuleRemoveById phpids-61


  SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
  SecRuleRemoveById phpids-17
  SecRuleRemoveById phpids-20
  SecRuleRemoveById phpids-21
  SecRuleRemoveById phpids-30
  SecRuleRemoveById phpids-61


  SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
  SecRuleRemoveById phpids-17
  SecRuleRemoveById phpids-20
  SecRuleRemoveById phpids-21
  SecRuleRemoveById phpids-30
  SecRuleRemoveById phpids-61


  SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
  SecRuleRemoveById phpids-17
  SecRuleRemoveById phpids-20
  SecRuleRemoveById phpids-21
  SecRuleRemoveById phpids-30
  SecRuleRemoveById phpids-61


  SecRuleRemoveById 960010 960012 950006
  SecRuleRemoveById phpids-17
  SecRuleRemoveById phpids-20
  SecRuleRemoveById phpids-21
  SecRuleRemoveById phpids-30
  SecRuleRemoveById phpids-61

Go to the end of the file and paste all this into it. If you’re using PuTTY for windows, copy the content to clipboard, scroll to the end of the file and press right-click and you’ll thank me a million times. Infact, you can paste all of the commands using right click. Press Control-O to save the file and Control-X to exit.

Now, you need to restart the webserver – httpd

/etc/init.d/httpd restart

Another weekend to tickle my geeky nerves and the error. I personally prefer to work on Debian but this one talks about CentOS – most customers use CentOS – rather they are sold CentOS.

Hope this helps someone – Please leave your questions, comments and feedback here and I’ll try and come back to you.