Ticket #1485193 (closed Bugs: wontfix)

Opened 5 months ago

Last modified 3 months ago

Cannot view HTML email messages - Internal Server Error 500

Reported by: FrankRicard Owned by:
Priority: 2 Milestone: 0.2-beta
Component: PHP backend Version: 0.2-alpha
Severity: normal Keywords: 500, html, mod_security, gzip
Cc:

Description

When attempting to view email messages composed in HTML (as opposed to plain/text), the server returns a blank page along with an Internal Server Error 500. I have tracked the problem down to ModSecurity? (aka modsec or mod_security, depending on version).

Server: Linux (Fedora 9); Apache 2.2.8; PHP 5.2.6; RoundCube 0.2-Alpha

Here is the log from ModSecurity?: 

****************************************************

--80495d17-A--
[04/Jul/2008:01:24:52 --0700] db1-0H8AAAEAAAmLNeMAAAAG 71.245.97.90 60425 71.245.97.91 443
--80495d17-B--
GET /mail/?_task=mail&_action=show&_uid=3736&_mbox=INBOX HTTP/1.1
Host: www.xxxxx.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://www.domain.com/mail/?_task=mail&_mbox=INBOX&_refresh=1
Cookie: language=en; PLASESSID=5obrid2j0rqendoga9ij4qe2b0; collapsedNodes=; roundcube_sessid=3b34a1131c8ffc629c21296135b3a009

--80495d17-F--
HTTP/1.0 500 Internal Server Error
X-Powered-By: PHP/5.2.6
Expires:
Cache-Control: max-age=0
Pragma:
Last-Modified: Fri, 04 Jul 2008 08:23:52 GMT
Etag: "88dd43ecf32e88de878958b06fdccc47"
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 26
Connection: close
Content-Type: text/html; charset=UTF-8

--80495d17-E--
^_�^H^@^@^@^@^@^@^C^B^@^@^@��^C^@^@^@^@^@^@^@^@^@
--80495d17-H--
Message: Could not set variable "resource.alerted_960903_compression" as the collection does not exist.
Message: Warning. Operator EQ match: 0. [id "960903"] [msg "ModSecurity does not support content encodings"] [severity "WARNING"]
Apache-Handler: php5-script
Stopwatch: 1215159892541392 243714 (180 2454 243192)
Response-Body-Transformed: Dechunked
Producer: ModSecurity v2.1.7 (Apache 2.x)
Server: Apache/2.2.8 (Fedora) DAV/2 mod_auth_kerb/5.3 PHP/5.2.6 mod_python/3.3.1 Python/2.5.1 mod_ssl/2.2.8 OpenSSL/0.9.8b

--80495d17-Z--


****************************************************

It appears as though the HTML email messages are being compressed via GZIP compression, and ModSecurity? cannot understand this for some reason. So, A) Why are these being compressed in GZIP format, and B) Is there a way to disable GZIP compression?

I'm not 100% sure that GZIP is the problem, but it seems as though things are pointing in that direction.

Change History

Changed 4 months ago by estadtherr

text/html response content is probably gzip-encoded by default when that module is active (since that's what most web pages return). Your browser asked for gzip encoding in the request header, so apache was just doing what you told it. :)

It is the mod_deflate module that does the gzip encoding of response packets. Disabling that module should get around the mod_security incompatibility.

Changed 4 months ago by flurischt

you could exclude this mod_security rule (id: 960903) for the roundcube directory in apache config.

examples on how to configure the exclusion: for modsec 2.5 http://downloads.prometheus-group.com/delayed/rules/modsec/05_asl_exclude.conf for modsec 2.x http://www.gotroot.com/downloads/ftp/mod_security/2.0/apache2/exclude.conf for modsec 1.9 http://www.gotroot.com/downloads/ftp/mod_security/exclude.conf

Changed 3 months ago by alec

  • status changed from new to closed
  • resolution set to wontfix

Closing as not roundcube problem.

Changed 3 months ago by alec

  • keywords html, mod_security, gzip added; html removed
Note: See TracTickets for help on using tickets.