
ini-custom.inc.php and no statistics


keat


I updated from 6.0.1 to 6.1.7 last night.

Whilst the site appears to be working OK this morning, I'm unable to open up 'Statistics' resulting in a 500 error.

Apache logs would suggest that this is triggering multiple OWASP mod sec rules.

 

[Tue Apr 25 08:28:11.360741 2017] [:error] [pid 544:tid 140648707495680] [client xx.xx.xx.xxx] ModSecurity: Warning. Operator GE matched 4 at TX:outbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP/rules/RESPONSE-80-CORRELATION.conf"] [line "37"] [id "981205"] [msg "Outbound Anomaly Score Exceeded (score 4): The Application Returned a 500-Level Status Code"] [tag "event-correlation"] [hostname "www.domain.com"] [uri "/admin.php"] [unique_id "WP76ihbjaLjsO1b4SPZQxgAAAIs"]

[Tue Apr 25 08:28:11.360853 2017] [:error] [pid 544:tid 140648707495680] [client xx.xx.xx.xxx] ModSecurity: Warning. Operator GE matched 4 at TX:outbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "39"] [id "980140"] [msg "Outbound Anomaly Score Exceeded (score 4): The Application Returned a 500-Level Status Code"] [tag "event-correlation"] [hostname "www.domain.com"] [uri "/admin.php"] [unique_id "WP76ihbjaLjsO1b4SPZQxgAAAIs"]

[Tue Apr 25 08:36:10.948880 2017] [:error] [pid 4635:tid 140648676026112] [client xx.xx.xx.xxx] ModSecurity: Access denied with code 403 (phase 4). Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP/rules/RESPONSE-50-DATA-LEAKAGES.conf"] [line "14"] [id "970901"] [rev "3"] [msg "The Application Returned a 500-Level Status Code"] [data "Matched Data: 500 found within RESPONSE_STATUS: 500"] [severity "ERROR"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-information disclosure"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [hostname "www.domain.com"] [uri "/admin.php"] [unique_id "WP78ak2Y4tFUNFVw@JEwkgAAAI4"]

[Tue Apr 25 08:41:57.745488 2017] [:error] [pid 5079:tid 140648749455104] [client xx.xx.xx.xxx] ModSecurity: Geo Lookup: Failed to lock proc mutex: Identifier removed [hostname "www.domain.com"] [uri "/admin.php"] [unique_id "WP79xRWqDyps6QnNHaJCjwAAAUc"]

 

As I seem to be chasing one mod sec failure after the other, I disabled all mod sec rules, but even then I'm still unable to open up 'Statistics'.

Only this time, rather than a 500 error, now I just get a blank screen, so I enabled ini-custom.inc.php to start to capture error logs, but now 'Statistics' is working.

Typically, no errors are generated.

I enable the mod sec rules and I can still gain access to 'Statistics'

 

Thinking it must have been a blip, I disable ini-custom.inc.php and all of a sudden, Statistics stops working again.

Subsequent renaming of ini-custom.inc.inc.php enables or disables statistics every time.

 

Any ideas ??


 
Link to comment
Share on other sites
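For triaging entries like the ones quoted in the post above, here is an added example (not from the thread, ModSecurity or the CRS project): it groups ModSecurity error-log entries by unique_id and reports which rule-set directories matched and whether every match inspected the response. The function names and the shortened sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the four entries quoted in the post, cut down to the fields parsed below.
SAMPLE_LOG = r'''
[Tue Apr 25 08:28:11.360741 2017] [:error] [client xx.xx.xx.xxx] ModSecurity: Warning. Operator GE matched 4 at TX:outbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP/rules/RESPONSE-80-CORRELATION.conf"] [id "981205"] [msg "Outbound Anomaly Score Exceeded (score 4): The Application Returned a 500-Level Status Code"] [uri "/admin.php"] [unique_id "WP76ihbjaLjsO1b4SPZQxgAAAIs"]
[Tue Apr 25 08:28:11.360853 2017] [:error] [client xx.xx.xx.xxx] ModSecurity: Warning. Operator GE matched 4 at TX:outbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [id "980140"] [msg "Outbound Anomaly Score Exceeded (score 4): The Application Returned a 500-Level Status Code"] [uri "/admin.php"] [unique_id "WP76ihbjaLjsO1b4SPZQxgAAAIs"]
[Tue Apr 25 08:36:10.948880 2017] [:error] [client xx.xx.xx.xxx] ModSecurity: Access denied with code 403 (phase 4). Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP/rules/RESPONSE-50-DATA-LEAKAGES.conf"] [id "970901"] [msg "The Application Returned a 500-Level Status Code"] [uri "/admin.php"] [unique_id "WP78ak2Y4tFUNFVw@JEwkgAAAI4"]
[Tue Apr 25 08:41:57.745488 2017] [:error] [client xx.xx.xx.xxx] ModSecurity: Geo Lookup: Failed to lock proc mutex: Identifier removed [uri "/admin.php"] [unique_id "WP79xRWqDyps6QnNHaJCjwAAAUc"]
'''

FIELD = re.compile(r'\[(\w+) "([^"]*)"\]')            # [key "value"] pairs
TARGET = re.compile(r' at ([A-Z_]+(?::\w+)?)\. \[')   # variable the operator matched on

def parse(line):
    fields = dict(FIELD.findall(line))
    target = TARGET.search(line)
    rule_file = fields.get("file", "")
    return {
        "txn": fields.get("unique_id"),
        "id": fields.get("id"),
        "target": target.group(1) if target else None,
        "blocked": "Access denied" in line,
        # Directory the rule was loaded from, e.g. OWASP or OWASP3
        "ruleset": rule_file.split("/rules/")[0].rsplit("/", 1)[-1] or None,
        # CRS names its response-phase rule files RESPONSE-*
        "outbound": rule_file.rsplit("/", 1)[-1].startswith("RESPONSE-"),
    }

def summarize(log):
    txns = defaultdict(list)  # unique_id identifies one HTTP transaction
    for line in filter(None, map(str.strip, log.splitlines())):
        entry = parse(line)
        txns[entry["txn"]].append(entry)
    report = {}
    for txn, entries in txns.items():
        rules = [e for e in entries if e["id"]]
        report[txn] = {
            "rule_ids": [e["id"] for e in rules],
            "rulesets": sorted({e["ruleset"] for e in rules if e["ruleset"]}),
            "targets": sorted({e["target"] for e in rules if e["target"]}),
            # True when every matched rule inspected the response, not the request
            "response_only": bool(rules) and all(e["outbound"] for e in rules),
            "blocked": any(e["blocked"] for e in entries),
        }
    return report

if __name__ == "__main__":
    print(*summarize(SAMPLE_LOG).items(), sep="\n")
```

On these entries every rule match reads RESPONSE_STATUS or the outbound anomaly score, and the first transaction is scored by rules loaded from both the OWASP and OWASP3 directories; the Geo Lookup entry carries no rule id at all.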

Hi Keat, not really helpful to your problem, but just to let you know my Statistics is working as expected either with or without ini-custom.inc.php. I expect you have tried this, but have you cleaned the shop cache?

In admin dashboard advanced I have noticed I don't get any PHP info up, just a blank screen. Nothing to do with your issue, but I just noticed it was empty.

Link to comment
Share on other sites

I cleared the cache many times last night as part of the update, and again this morning.

I've just delved inside ini-custom.inc.php and notice that it has the following entries.

ini_set('memory_limit', '256M');
ini_set('max_execution_time', '60');

Maybe one of these two entries is overriding something and allowing more memory or resources for something to run?

Could this be related to the following entry in ini.inc.php?

6.0.10 has an entry 'ini_set('memory_limit', '128M');   // Increase Memory Limit'

6.1.7 has nothing
