Cross listing in case devel people don't see users list.
Regards
Alvaro
---------- Forwarded message ----------
From: Alvaro Cornejo <[EMAIL PROTECTED]>
Date: May 16, 2007 1:03 PM
Subject: Re: 403 forbidden. You don have permissions: KANNEL HTTP HEADER BUG?
To: Steve Totaro <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Hi All
I found the problem.
I'm using Apache 2.2 in fed 5. It has the module mod_security.so
ENABLED and there is a security filter that denied kannel to send the
GET url to the php script:
# Require HTTP_USER_AGENT and HTTP_HOST headers
# SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
I've commented the seccond line and that allowed kannel to send the
GET URL to my script.
I got the tip from the Apache error log:
[Wed May 16 12:44:19 2007] [error] [client 127.0.0.1] mod_security:
Access denied with code 403. Pattern match "^$" at
HEADER("USER-AGENT") [severity "EMERGENCY"] [hostname "127.0.0.1"]
[uri "/sms/test.php?"]
Does Kannel has a bug or uses a non standard html header when creating
the connection to the php script??
Also, commenting the mentioned security filter is a risk to my system?
I have this equippment connected to the internet.
Regards
Alvaro
On 5/16/07, Steve Totaro <[EMAIL PROTECTED]> wrote:
Check your permissions for the file you are calling (sms/test.php). Do
a chmod 0777 and see if it works then.
Thanks,
Steve Totaro
http://www.asteriskhelpdesk.com
KB3OPB
> -----Original Message-----
> From: Alvaro Cornejo [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, May 16, 2007 1:04 PM
> To: [EMAIL PROTECTED]
> Subject: 403 forbidden. You don have permissions
>
> Hi
>
> This might not be a problem with kannel but I think I might have some
> feedback from the list.
>
> I'm using latest kannel CVS and try to setup a generic http smsc with:
>
> # SMSC HTTP TEST
> group = smsc
> smsc = http
> smsc-id = test
> system-type = generic
> port = 13016
> send-url =
> http://127.0.0.1/sms/test.php?u=user&p=pass&to=%p&from=%P&msg=%a
> status-success-regex = "ok"
> status-permfail-regex = "failure"
> status-tempfail-regex = "retry later"
>
> The issue is that when kannel try to send a message to the refered
> URL, I get the error:
>
> 2007-05-16 10:53:17 [3243] [12] DEBUG: HTTP: Opening connection to
> `127.0.0.1:80' (fd=38).
> 2007-05-16 10:53:17 [3243] [12] DEBUG: Socket connecting
> 2007-05-16 10:53:17 [3243] [11] DEBUG: Get info about connecting
socket
> 2007-05-16 10:53:17 [3243] [11] DEBUG: HTTP: Sending request:
> 2007-05-16 10:53:17 [3243] [11] DEBUG: Octet string at 0x8a8e490:
> 2007-05-16 10:53:17 [3243] [11] DEBUG: len: 97
> 2007-05-16 10:53:17 [3243] [11] DEBUG: size: 1024
> 2007-05-16 10:53:17 [3243] [11] DEBUG: immutable: 0
> 2007-05-16 10:53:17 [3243] [11] DEBUG: data: GET /sms/test.php?
> HTTP/1.
> 2007-05-16 10:53:17 [3243] [11] DEBUG: data: 1..Host:
> 127.0.0.1.Connectio
> 2007-05-16 10:53:17 [3243] [11] DEBUG: data: n: keep-alive...
> 2007-05-16 10:53:17 [3243] [11] DEBUG: data: 0a
> .
> 2007-05-16 10:53:17 [3243] [11] DEBUG: Octet string dump ends.
> 2007-05-16 10:53:17 [3243] [11] DEBUG: HTTP: Status line: <HTTP/1.1
> 403 Forbidden>
> 2007-05-16 10:53:17 [3243] [11] DEBUG: HTTP: Received response:
> 2007-05-16 10:53:17 [3243] [11] DEBUG: Octet string at 0x8a8e490:
> 2007-05-16 10:53:17 [3243] [11] DEBUG: len: 468
> 2007-05-16 10:53:17 [3243] [11] DEBUG: size: 1024
> 2007-05-16 10:53:17 [3243] [11] DEBUG: immutable: 0
> 2007-05-16 10:53:17 [3243] [11] DEBUG: data: Date: Wed, 16 Ma
> 2007-05-16 10:53:17 [3243] [11] DEBUG: data: y 2007 15:53:17
> 2007-05-16 10:53:17 [3243] [11] DEBUG: data: GMT..Server: Apa
> 2007-05-16 10:53:17 [3243] [11] DEBUG: data: che/2.2.2 (Fedor
> 2007-05-16 10:53:17 [3243] [11] DEBUG: data: a)..Content-Leng
> 2007-05-16 10:53:17 [3243] [11] DEBUG: data: th: 313..Connect
> 2007-05-16 10:53:17 [3243] [11] DEBUG: data: ion: close..Cont
> 2007-05-16 10:53:17 [3243] [11] DEBUG: data: ent-Type: text/h
> 2007-05-16 10:53:17 [3243] [11] DEBUG: data: tml; charset=iso
> 2007-05-16 10:53:17 [3243] [11] DEBUG: data: -8859-1....<!DOC
> 2007-05-16 10:53:17 [3243] [11] DEBUG: data: TYPE HTML PUBLIC
> 2007-05-16 10:53:17 [3243] [11] DEBUG: data: "-//IETF//DTD H
> 2007-05-16 10:53:17 [3243] [11] DEBUG: data: TML 2.0//EN">.<h
> 2007-05-16 10:53:17 [3243] [11] DEBUG: data: tml><head>.<titl
> 2007-05-16 10:53:17 [3243] [11] DEBUG: data: e>403 Forbidden<
> 2007-05-16 10:53:17 [3243] [11] DEBUG: data: /title>.</head><
> 2007-05-16 10:53:17 [3243] [11] DEBUG: data: body>.<h1>Forbid
> 2007-05-16 10:53:17 [3243] [11] DEBUG: data: den</h1>.<p>You
> 2007-05-16 10:53:17 [3243] [11] DEBUG: data: don't have permi
> 2007-05-16 10:53:17 [3243] [11] DEBUG: data: ssion to access
> 2007-05-16 10:53:17 [3243] [11] DEBUG: data: /sms/test.php
> 2007-05-16 10:53:17 [3243] [11] DEBUG: data: .on this serv
> 2007-05-16 10:53:17 [3243] [11] DEBUG: data: er.</p>.<hr>.<ad
> 2007-05-16 10:53:17 [3243] [11] DEBUG: data: dress>Apache/2.2
> 2007-05-16 10:53:17 [3243] [11] DEBUG: data: .2 (Fedora) Serv
> 2007-05-16 10:53:17 [3243] [11] DEBUG: data: er at 127.0.0.1
> 2007-05-16 10:53:17 [3243] [11] DEBUG: data: Port 80</addr
> 2007-05-16 10:53:17 [3243] [11] DEBUG: data: ess>.</body></ht
> 2007-05-16 10:53:17 [3243] [11] DEBUG: data: ml>.
> 2007-05-16 10:53:17 [3243] [11] DEBUG: Octet string dump ends.
> 2007-05-16 10:53:17 [3243] [7] ERROR: HTTP[nxtl_mail]: Message was
> rejected. SMSC reponse was:
> 2007-05-16 10:53:17 [3243] [7] DEBUG: Octet string at 0x8a8e568:
> 2007-05-16 10:53:17 [3243] [7] DEBUG: len: 313
> 2007-05-16 10:53:17 [3243] [7] DEBUG: size: 314
> 2007-05-16 10:53:17 [3243] [7] DEBUG: immutable: 0
> 2007-05-16 10:53:17 [3243] [7] DEBUG: data: <!DOCTYPE HTML P
> 2007-05-16 10:53:17 [3243] [7] DEBUG: data: UBLIC "-//IETF//
> 2007-05-16 10:53:17 [3243] [7] DEBUG: data: DTD HTML 2.0//EN
> 2007-05-16 10:53:17 [3243] [7] DEBUG: data: ">.<html><head>.
> 2007-05-16 10:53:17 [3243] [7] DEBUG: data: <title>403 Forbi
> 2007-05-16 10:53:17 [3243] [7] DEBUG: data: dden</title>.</h
> 2007-05-16 10:53:17 [3243] [7] DEBUG: data: ead><body>.<h1>F
> 2007-05-16 10:53:17 [3243] [7] DEBUG: data: orbidden</h1>.<p
> 2007-05-16 10:53:17 [3243] [7] DEBUG: data: >You don't have
> 2007-05-16 10:53:17 [3243] [7] DEBUG: data: permission to ac
> 2007-05-16 10:53:17 [3243] [7] DEBUG: data: cess /sms/test.php
> 2007-05-16 10:53:17 [3243] [7] DEBUG: data: .on this
> 2007-05-16 10:53:17 [3243] [7] DEBUG: data: server.</p>.<hr
> 2007-05-16 10:53:17 [3243] [7] DEBUG: data: >.<address>Apach
> 2007-05-16 10:53:17 [3243] [7] DEBUG: data: e/2.2.2 (Fedora)
> 2007-05-16 10:53:17 [3243] [7] DEBUG: data: Server at 127.0
> 2007-05-16 10:53:17 [3243] [7] DEBUG: data: .0.1 Port 80<
> 2007-05-16 10:53:17 [3243] [7] DEBUG: data: /address>.</body
> 2007-05-16 10:53:17 [3243] [7] DEBUG: data: ></html>.
> 2007-05-16 10:53:17 [3243] [7] DEBUG: Octet string dump ends.
> 2007-05-16 10:53:17 [3243] [7] DEBUG: SMSC[nxtl_mail]: creating DLR
> message
> 2007-05-16 10:53:17 [3243] [7] DEBUG: SMSC[nxtl_mail]: DLR =
> http://127.0.0.1/sms/dlr.php?type=%d&slid=428&uid=1
> 2007-05-16 10:53:17 [3243] [10] DEBUG: send_msg: sending msg to box:
> <127.0.0.1>
> 2007-05-16 10:53:17 [3243] [10] DEBUG: boxc_sender: sent message to
> <127.0.0.1>
> 2007-05-16 10:53:17 [3243] [9] DEBUG: boxc_receiver: got ack
> 2007-05-16 10:53:37 [3243] [9] DEBUG: boxc_receiver: heartbeat with
> load value 0 received
>
> However, if I take the same URL and put it into a web
> browser/lynx/Firefox/IExplorer, the transaccition succees with no
> issues.
>
> Kannel is running under root/root ( bearerbox kannel.conf --start
> --background --chuid root:root --exec ) permissions in test.php are
>
> -rwsr-xr-x 1 root root 2211 May 16 10:20 test.php
>
> I'v also tried
> -rw-r--r-- 1 root root 2211 May 16 10:37 test.php
>
> but got the same error.
>
> Any ideas???
>
> Thanks
>
> Alvaro
