Hi folks! Today, I have an error in my server on whmcs. I can't save anything if using the MyAccount.PhP script, so changing the system password, for instance, is failing.
I was told by Rhonald to change WHMCS to run as a CGI script otherwise domains don't work right, and Apache reloading causes an error. But now, hear is the error log contents for tonight:
[code] og l -f /home/khinton/domains/billing.keithnet.us/logs/error_lo
[Fri Jun 01 22:05:44 2012] [error] [client 67.61.150.0] Security Alert! The PHP CGI cannot be accessed directly., referer: http://billing.keithnet.us/admin/myaccount.php
[Fri Jun 01 22:05:44 2012] [error] [client 67.61.150.0] , referer: http://billing.keithnet.us/admin/myaccount.php
[Fri Jun 01 22:05:44 2012] [error] [client 67.61.150.0] This PHP CGI binary was compiled with force-cgi-redirect enabled. This, referer: http://billing.keithnet.us/admin/myaccount.php
[Fri Jun 01 22:05:44 2012] [error] [client 67.61.150.0] means that a page will only be served up if the REDIRECT_STATUS CGI variable is, referer: http://billing.keithnet.us/admin/myaccount.php
[Fri Jun 01 22:05:44 2012] [error] [client 67.61.150.0] set, e.g. via an Apache Action directive., referer: http://billing.keithnet.us/admin/myaccount.php
[Fri Jun 01 22:05:44 2012] [error] [client 67.61.150.0] For more information as to why this behaviour exists, see the manual page for CGI security., referer: http://billing.keithnet.us/admin/myaccount.php
[Fri Jun 01 22:05:44 2012] [error] [client 67.61.150.0] For more information about changing this behaviour or re-enabling this webserver,, referer: http://billing.keithnet.us/admin/myaccount.php
[Fri Jun 01 22:05:44 2012] [error] [client 67.61.150.0] consult the installation file that came with this distribution, or visit , referer: http://billing.keithnet.us/admin/myaccount.php
[Fri Jun 01 22:05:44 2012] [error] [client 67.61.150.0] the manual page., referer: http://billing.keithnet.us/admin/myaccount.php
[Fri Jun 01 22:05:44 2012] [error] [client 67.61.150.0] Premature end of script headers: php5.cgi, referer: http://billing.keithnet.us/admin/myaccount.php
[/code]
Any ideas? Thanks!
Sorry about the partly typed log command, for somre reason only half of it was put in, but it was a tail -f of the log for billing.keithnet.us and the error log. Any help is valued in getting account.php to work again, and I'm not sure what other PHP scripts may throw this internal server error.
Okay, after doing some poking around, I set and uncommented the cgi.fixpath to 0, so looks like it's solved now. I'm just curious, though why setting this is even necessary? I'm curious what the fix path set to 1 was trying to do? Just curious at the behavior, that's all. Thanks a lot!
I keep forgetting the fix_path setting ... I had this too with whmcs.
Now that I have whmcs (v5) on its own and different server running mod_fcgid, the setting I use is: cgi.fix_pathinfo = On
according to php: "Provides real PATH_INFO/ PATH_TRANSLATED support for CGI. PHP's previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok what PATH_INFO is.
For more information on PATH_INFO, see the CGI specs.
Setting this to 1 will cause PHP CGI to fix its paths to conform to the spec.
A setting of zero causes PHP to behave as before. It is turned on by default.
You should fix your scripts to use SCRIPT_FILENAME rather than PATH_TRANSLATED."
And the cgi specs are here
http://tools.ietf.org/html/draft-robinson-www-interface-00
Why are you running fcgid?
I thought, that running WHMCS as FCGid causes errors with domains, no?
I can run fcgid now because I have whmcs on a different box, so it will not interfere with domain set up on the provisioned box.
When you run whmcs on the same box as you are providing then fcgid causes the 500 error due to reload of apache
In PHP 5.3, when using the CGI PHP Execution Mode, the SCRIPT_NAME and PHP_SELF PHP variables seem to be pointing to the CGI Wrapper script (/cgi-bin/php5.cgi), rather than the actual PHP script that's being run.
That behavior is a little odd, and it drives me all kinds of crazy :-)
The setting you enabled will often help with that.
We also have another workaround for that issue coming out in the next Virtualmin version.
-Eric
Awesome to hear, Eric! You folks do indeed make a wonderful product, and of course, take security seriously.
Take care, and enjoy!
I'm saving up some money so that I can sometime upgrade Virtualmin. Great control panel, seriously nice stuff since Joe actually pointed out that efforts go into making it accessible to folks with lwo vision or noe whatsoever.
So many web developers and web app designers care only about graphics these days, but it's great to see those that don't!
Do continue to keep up the wonderful work you folks por into the Virtualmin product line.