0

I'm using one of the WooCommerce Appointment plugin and it's causing a 500 internal error.

It seems the Modsecurity intercepts the http access but I don't know what's wrong in the following log.

--a7316b05-A-- [02/Dec/2020:01:37:02 +0800] X8Z-PAqMAA4AAAp171YAAAAE 210.242.3.205 53878 10.140.0.14 443

--a7316b05-B-- GET /wp-admin/admin.php?post_type=wc_appointment&page=appointment_calendar&calendar_month=12&view=month&tab=calendar&filter_appointable_product=&filter_appointable_staff=&calendar_month=11&calendar_year=2020 HTTP/1.1 Host: homie.tw Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://homie.tw/wp-admin/admin.php?page=appointment_calendar&calendar_year=2020&calendar_month=12&view=month Accept-Encoding: gzip, deflate, br Accept-Language: zh-TW,zh;q=0.9,en-US;q=0.8,en;q=0.7,ja;q=0.6,zh-CN;q=0.5 Cookie: wordpress_sec_39c5768458d20eee442b5f013f95c6e4=chihao.weng%40gmail.com%7C1606879569%7CIYBGng45F7DiEjkIlD5y2rCpJPu7QdupcJsax3TNQmT%7C99241b7eeb1b6d93b810479b22b84ecc4ff13e5394d5798b59840f4f759f649d; mp_a36067b00a263cce0299cfd960e26ecf_mixpanel=%7B%22distinct_id%22%3A%20%221736f1935d51cd-0a84c5198fb224-31617402-fa000-1736f1935d6df1%22%2C%22%24device_id%22%3A%20%221736f1935d51cd-0a84c5198fb224-31617402-fa000-1736f1935d6df1%22%2C%22%24initial_referrer%22%3A%20%22https%3A%2F%2Fhomie.tw%2Fwp-admin%2Fplugins.php%22%2C%22%24initial_referring_domain%22%3A%20%22homie.tw%22%7D; _ga=GA1.2.332580245.1599972620; energyplus-u=8d66286c0cdf0413991242985d297257; wordpress_test_cookie=WP%20Cookie%20check; tk_ai=woo%3ADAEy5asYphPD0Q3i1p5KUhdQ; woocommerce_recently_viewed=1106%7C1433%7C1104%7C1105%7C1103%7C1101; wordpress_logged_in_39c5768458d20eee442b5f013f95c6e4=chihao.weng%40gmail.com%7C1606879569%7CIYBGng45F7DiEjkIlD5y2rCpJPu7QdupcJsax3TNQmT%7C0af3928e6a5cc78caf2d4fc871526abac2817b1604d085a887e9f81a7bc76fe2; wp-settings-1=libraryContent%3Dbrowse%26editor%3Dtinymce%26hidetb%3D1; wp-settings-time-1=1606706772; woocommerce_items_in_cart=1; woocommerce_cart_hash=0737a3efd621083e63e459451c8eb2b8; wp_woocommerce_session_39c5768458d20eee442b5f013f95c6e4=1%7C%7C1606879577%7C%7C1606875977%7C%7Cf29b691703754018bf8562fa8f40249c

--a7316b05-F-- HTTP/1.1 500 Internal Server Error Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 X-Frame-Options: SAMEORIGIN Referrer-Policy: strict-origin-when-cross-origin Content-Length: 2789 Connection: close Content-Type: text/html; charset=UTF-8

--a7316b05-H-- Apache-Handler: application/x-httpd-php Stopwatch: 1606844220929440 1447814 (- - -) Stopwatch2: 1606844220929440 1447814; combined=9964, p1=429, p2=8091, p3=65, p4=1265, p5=113, sr=13, sw=1, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); OWASP_CRS/3.2.0. Server: Apache Engine-Mode: "ENABLED"

--a7316b05-Z--

cabrerahector
  • 3,653
  • 4
  • 16
  • 27
翁啟豪
  • 77
  • 2
  • 10
  • A 500 error is a generic error message and covers pretty much every single thing that can go wrong with a PHP script. Check your server error logs to find out the exact error message. – aynber Dec 01 '20 at 17:50
  • I noticed a `strict-origin-when-cross-origin ` error in the log. Did you change wordpress' domain recently? Or did you more from www to non-www version recently? Try saving your permalinks again (in settings menu) – Ozgur Sar Dec 01 '20 at 18:02
  • I tried to change header to Access-Control-Allow-Origin: * but it still throw 500 error I don't see any error in apache/error.log. The 500 error only shown in modsec_audit.log I made a video how it happened. https://streamable.com/14rzyz – 翁啟豪 Dec 01 '20 at 18:25

0 Answers0