400 error Bad Request

RokleM · Joined: 13 Sep 2007 Posts: 9

I have a working cacti install that has been running for a while. I want to integrate the weathermap plugin.

I installed 93 today but am receiving 400 "Bad Request" errors when attempting to use the browser editor anytime I click "add node" and click on the map.

My editor config:

$cacti_base = "/var/www/html/cacti";
$cacti_url = "https://xxxxxxxxxxxx/cacti/";
$mapdir='configs';
$ignore_cacti = FALSE;

Howie · Posted: Thu Oct 18, 2007 5:18 pm Post subject:

If you are able to, does it make any difference if you use http instead of https? I can't think why it would affect the editor, but it's relatively unusual (I don't test with SSL, anyway).

Also, what is your memory_limit set to in php? Adding a node is one place where the memory in use before and after the action is definitely increasing, so you may be hitting the limit. PHP just stops dead in that situation, which might give you this kind of thing.

RokleM · Joined: 13 Sep 2007 Posts: 9

RokleM · Joined: 13 Sep 2007 Posts: 9

Fixed... HTTP security module. Found the error in the ssl_error_log.

[Fri Oct 19 11:21:14 2007] [error] [client 172.29.190.200] ModSecurity: Access denied with code 400 (phase 2). Pattern match "\\\\%(?!$|\\\\W|[0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" at ARGS:map_stamp. [id "950107"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [hostname "xxxxxxxx"] [uri "/cacti/plugins/weathermap/editor.php"] [unique_id "FdtDC6oiseAAAFSwLUwAAAAB"]

As well just as a FYI, there is a file missing from the install as well.
[Fri Oct 19 11:21:09 2007] [error] [client 123.123.123.123] File does not exist: /var/www/html/cacti/plugins/weathermap/images/alert.png, referer: https://xxxxxxxxx/cacti/plugins/weathermap/editor.css

Howie · Posted: Fri Oct 19, 2007 11:01 am Post subject:

Oops.thanks for that. I'll fix it.

Didn't think about mod_security. Mine normally gives 500 errors for that kind of stuff.