Le lundi 23 novembre 2009 20:26, [email protected] a écrit : > Le lundi 23 novembre 2009 17:26, chasd a écrit : > > There should be some type of PHP error in the web server log, even if > > RoundCube doesn't write a log file. > > hi charles > hi all > hi list > > Here is the information you request it from the vhosts that contains > roundcubemail, which is installed properly. like the fact my friend the > computer company > > I received a lecture of computer that day. I thank, I learned a lot in > three hours > > the log file of vhosts : > > [r...@r13151 ~]# tail -f /var/log/httpd/roundcube-error_log > [Mon Nov 23 00:54:27 2009] [error] [client 81.56.161.95] ModSecurity: > Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD > " required. > [file > "/etc/httpd/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf"] > [line "41"] [id "960015"] [msg "Reque > st Missing an Accept Header"] [severity "CRITICAL"] > [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname "roundcube.renelacrout > e.fr"] [uri "/"] [unique_id "bdt3UVdiuugAAHbbVjAAAAAA"] > [Mon Nov 23 00:54:27 2009] [error] [client 81.56.161.95] ModSecurity: > Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD > " required. > [file > "/etc/httpd/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf"] > [line "41"] [id "960015"] [msg "Reque > st Missing an Accept Header"] [severity "CRITICAL"] > [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname "roundcube.renelacrout > e.fr"] [uri "/skins/default/common.css"] > [unique_id "bea-jFdiuugAAHbrfQQAAAAF"] > [Mon Nov 23 00:54:27 2009] [error] [client 81.56.161.95] ModSecurity: > Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD > " required. > [file > "/etc/httpd/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf"] > [line "41"] [id "960015"] [msg "Reque > st Missing an Accept Header"] [severity "CRITICAL"] > [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname "roundcube.renelacrout > e.fr"] [uri "/skins/default/images/roundcube_logo.png"] > [unique_id "becyH1diuugAAHbgXvgAAAAB"] > [Mon Nov 23 00:54:32 2009] [error] [client 81.56.161.95] ModSecurity: > Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD > " required. > [file > "/etc/httpd/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf"] > [line "41"] [id "960015"] [msg "Reque > st Missing an Accept Header"] [severity "CRITICAL"] > [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname "roundcube.renelacrout > e.fr"] [uri "/"] [unique_id "bjVcpldiuugAAHbte-kAAAAG"] > [Mon Nov 23 10:29:06 2009] [error] [client 62.147.237.78] ModSecurity: > Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHO > D" required. > [file > "/etc/httpd/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf"] > [line "41"] [id "960015"] [msg "Requ > est Missing an Accept Header"] [severity "CRITICAL"] > [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname "roundcube.fakessh.eu > "] [uri "/"] [unique_id "dPm5eFdiuugAAHbrfQ0AAAAF"] > [Mon Nov 23 11:57:18 2009] [error] [client 213.41.153.223] File does not > exist: /home/roundcube/www/favicon.ico > [Mon Nov 23 12:11:31 2009] [error] [client 213.41.153.223] File does not > exist: /home/roundcube/www/favicon.ico > [Mon Nov 23 15:51:28 2009] [error] [client 213.41.153.223] File does not > exist: /home/roundcube/www/favicon.ico > [Mon Nov 23 15:55:47 2009] [error] [client 213.41.153.223] File does not > exist: /home/roundcube/www/favicon.ico > [Mon Nov 23 16:12:11 2009] [error] [client 213.41.153.223] File does not > exist: /home/roundcube/www/favicon.ico > [Mon Nov 23 17:19:28 2009] [error] [client 83.193.172.167] File does not > exist: /home/roundcube/www/favicon.ico > [Mon Nov 23 17:19:31 2009] [error] [client 83.193.172.167] File does not > exist: /home/roundcube/www/favicon.ico > > > [r...@r13151 ~]# tail -f /var/log/httpd/roundcube-access_log > 83.193.172.167 - - [23/Nov/2009:17:19:28 +0100] "GET /favicon.ico HTTP/1.1" > 404 299 > 83.193.172.167 - - [23/Nov/2009:17:19:31 +0100] "GET /favicon.ico HTTP/1.1" > 404 299 > 85.92.222.254 - - [23/Nov/2009:17:28:25 +0100] "GET / HTTP/1.1" 200 2679 > 193.164.156.10 - - [23/Nov/2009:17:28:25 +0100] "GET / HTTP/1.1" 200 2441 > 193.164.156.10 - - [23/Nov/2009:17:28:26 > +0100] "GET /skins/default/images/favicon.ico HTTP/1.1" 200 1150 > 193.164.156.10 - - [23/Nov/2009:17:28:26 > +0100] "GET /skins/default/common.css?s=1254823233 HTTP/1.1" 200 8671 > 193.164.156.10 - - [23/Nov/2009:17:28:26 > +0100] "GET /program/js/common.js?s=1256995296 HTTP/1.1" 200 11303 > 193.164.156.10 - - [23/Nov/2009:17:28:26 > +0100] "GET /program/js/jquery-1.3.min.js?s=1240222531 HTTP/1.1" 200 57254 > 193.164.156.10 - - [23/Nov/2009:17:28:26 > +0100] "GET /program/js/app.js?s=1256995295 HTTP/1.1" 200 89866 > 193.164.156.10 - - [23/Nov/2009:17:28:26 > +0100] "GET /skins/default/images/roundcube_logo.png HTTP/1.1" 200 6794 > 193.164.156.10 - - [23/Nov/2009:17:28:26 > +0100] "GET /skins/default/images/listheader.gif HTTP/1.1" 200 538 > 193.164.156.10 - - [23/Nov/2009:17:28:27 > +0100] "GET /skins/default/images/buttons/bg.gif HTTP/1.1" 200 211 > 85.92.222.254 - - [23/Nov/2009:17:28:33 +0100] "GET / HTTP/1.1" 200 2679 > 193.164.156.10 - - [23/Nov/2009:17:28:33 +0100] "GET / HTTP/1.1" 200 2441 > 193.164.156.10 - - [23/Nov/2009:17:28:34 > +0100] "GET /skins/default/images/favicon.ico HTTP/1.1" 200 1150 > 193.164.156.10 - - [23/Nov/2009:17:28:34 > +0100] "GET /skins/default/common.css?s=1254823233 HTTP/1.1" 200 8671 > 193.164.156.10 - - [23/Nov/2009:17:28:34 > +0100] "GET /program/js/common.js?s=1256995296 HTTP/1.1" 200 11303 > 193.164.156.10 - - [23/Nov/2009:17:28:34 > +0100] "GET /program/js/jquery-1.3.min.js?s=1240222531 HTTP/1.1" 200 57254 > 193.164.156.10 - - [23/Nov/2009:17:28:34 > +0100] "GET /program/js/app.js?s=1256995295 HTTP/1.1" 200 89866 > 193.164.156.10 - - [23/Nov/2009:17:28:34 > +0100] "GET /skins/default/images/listheader.gif HTTP/1.1" 200 538 > 193.164.156.10 - - [23/Nov/2009:17:28:34 > +0100] "GET /skins/default/images/roundcube_logo.png HTTP/1.1" 200 6794 > 193.164.156.10 - - [23/Nov/2009:17:28:34 > +0100] "GET /skins/default/images/buttons/bg.gif HTTP/1.1" 200 211 > 83.193.172.167 - - [23/Nov/2009:19:15:30 +0100] "GET /?_task=&_action=login > HTTP/1.1" 200 2534 > 83.193.172.167 - - [23/Nov/2009:19:16:08 +0100] "GET /?_task=&_action=login > HTTP/1.1" 200 2534 > 83.193.172.167 - - [23/Nov/2009:19:16:09 > +0100] "GET /skins/default/common.css?s=1254823233 HTTP/1.1" 304 - > 83.193.172.167 - - [23/Nov/2009:19:16:09 > +0100] "GET /program/js/jquery-1.3.min.js?s=1240222531 HTTP/1.1" 304 - > 83.193.172.167 - - [23/Nov/2009:19:16:09 > +0100] "GET /program/js/common.js?s=1256995296 HTTP/1.1" 304 - > 83.193.172.167 - - [23/Nov/2009:19:16:09 > +0100] "GET /program/js/app.js?s=1256995295 HTTP/1.1" 304 - > 83.193.172.167 - - [23/Nov/2009:19:16:09 > +0100] "GET /skins/default/images/roundcube_logo.png HTTP/1.1" 304 - > 83.193.172.167 - - [23/Nov/2009:19:16:09 > +0100] "GET /skins/default/images/listheader.gif HTTP/1.1" 304 - > 83.193.172.167 - - [23/Nov/2009:19:16:09 > +0100] "GET /skins/default/images/buttons/bg.gif HTTP/1.1" 304 - > 83.193.172.167 - - [23/Nov/2009:19:16:09 > +0100] "GET /skins/default/images/display/icons.png HTTP/1.1" 304 - > 83.193.172.167 - - [23/Nov/2009:19:20:36 +0100] "POST / HTTP/1.1" 200 2441 > [r...@r13151 ~]# > > thanks charlles > > thanks all > _______________________________________________ > List info: http://lists.roundcube.net/users/
Hi list Hi all removing mod_security apache server, I finally have access to webmail roundcube mod_security is still important to combat all kinds of attacks remove mod_security is not a stable solution, my server becomes vulnerable to all sorts of attacks I use the last official realease team roundcube: ie the version 0.3.1 and plus I never managed to run the installer thanks for all your feedbacks _______________________________________________ List info: http://lists.roundcube.net/dev/
