profile picture help

    Hello,

    When I try to select a profile picture from the gallery, I get a 500 Internal Server Error.

    I am using a .htaccess file.

    When I remove the .htaccess file, it works fine. What is the problem in this .htaccess that members are not able to change their profile picture from the gallery when I use it? Everything is working fine; the only problem comes while selecting a profile picture from the gallery. Help please.

    PHP Code:
    RewriteEngine on
    Options -Indexes

    Options +FollowSymlinks
    RewriteRule ^(.*)\.htm$ $1.php [nc]

    #php_value session.use_only_cookies 1
    #php_value session.use_trans_sid 0
    #php_flag register_globals off
    #php_flag allow_url_include 0
    #php_value upload_max_filesize 5M
    #php_value max_execution_time 200
    #php_value max_input_time 200
    #php_value post_max_size 40M
    #php_value session.use_trans_sid 1
    #php_value safe_mode_gid 1
    #php_value safe_mode_include_dir 1
    #php_value magic_quotes_runtime 0
    #php_value magic_quotes_sybase 0 
    #php_value allow_url_fopen 0
    #php_value arg_separator.output "&"

    Options +FollowSymlinks
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
    RewriteCond %{QUERY_STRING} http:.*\/.*\/ [OR]
    RewriteCond %{QUERY_STRING} ..*\/ [OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
    RewriteCond %{QUERY_STRING} [^a-z](declare|char|set|cast|convert|delete|drop|exec|insert|meta|script|select|truncate|update)[^a-z] [NC]
    RewriteRule (.*) - [F]

    # Block out any script trying to set a mosConfig value through the URL

    RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]

    # Block out any script trying to base64_encode crap to send via URL

    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]

    # Block out any script that includes a <script> tag in URL

    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]

    # Block out any script trying to set a PHP GLOBALS variable via URL

    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]

    # Block out any script trying to modify a _REQUEST variable via URL

    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})

    # Send all blocked request to homepage with 403 Forbidden error!

    RewriteRule ^(.*)$ index.php [F,L]

    DirectoryIndex index.php

    SetEnv TZ Asia/Manila
    AddDefaultCharset utf-8
    DefaultLanguage en-US
    LimitRequestBody 10240000

    <FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
    Order Allow,Deny
    Deny from all
    </FilesMatch>

    <ifmodule mod_php4.c>
    #php_value zlib.output_compression 16386
    </ifmodule>

    AddType image/gif                       .gif .GIF
    AddType image/ief                       .ief
    AddType image/jpeg                      .jpeg .jpg .jpe .JPG
    AddType image/tiff                      .tiff .tifAuthName wapadik.net
    IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

    RewriteCond %{REQUEST_METHOD} (GET) [NC]
    RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)https(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)https%3a(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)http(%3A|:)(/|%2F){2}(.*)$ [NC]
    RewriteRule (.*) /huwad/blocker/blocker1.php   [L]

    RewriteCond %{REQUEST_METHOD} (GET|POST) [NC]
    RewriteCond %{QUERY_STRING} ^(.*)(%20SELECT%20|%20INSERT%20|CHAR\(|%20UPDATE%20|%20REPLACE%20)(.*)$ [NC]
    RewriteRule (.*) /huwad/blocker/blocker1.php   [L]

    RewriteCond %{REQUEST_METHOD} (GET|POST) [NC]
    RewriteCond %{QUERY_STRING} ^(.*)(%3C|<)/?script(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)(%3D|=)?javascript(%3A|:)(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)document\.location\.href(.*)$ [OR]

    RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)http%3a(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)ftp(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)ht%20tp(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)htt%20p(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)http%20(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)h%20ttp(%3A|:)(/|%2F){2}(.*)$ [NC,OR]

    RewriteCond %{QUERY_STRING} ^(.*)base64_encode(.*)$ [OR]
    RewriteCond %{QUERY_STRING} ^(.*)GLOBALS(=|[|%[0-9A-Z]{0,2})(.*)$ [OR]
    RewriteCond %{QUERY_STRING} ^(.*)_REQUEST(=|[|%[0-9A-Z]{0,2})(.*)$ [OR]
    RewriteCond %{REQUEST_URI} ^(.*)_vti(.*)$ [OR]
    RewriteCond %{REQUEST_URI} ^(.*)MSOffice(.*)$ [OR]
    RewriteCond %{QUERY_STRING} ^(.*)/etc/passwd(.*)$ [OR]
    RewriteCond %{QUERY_STRING} ^(.*)//(.*)$ [OR]
    RewriteCond %{REQUEST_URI} ^(.*)ShellAdresi.TXT(.*)$ [OR]
    RewriteCond %{REQUEST_URI} ^(.*)\[evil_root\]?(.*)$ [OR]
    RewriteCond %{QUERY_STRING} ^(.*)\.\./\.\./\.\./(.*)$ [OR]
    RewriteCond %{QUERY_STRING} ^(.*)/proc/self/environ(.*)$
    RewriteRule (.*) /huwad/blocker/blocker1.php   [L]

    RewriteCond %{HTTP_USER_AGENT} @nonymouse|ADSARobot|amzn_assoc|Anarchie|ASPSeek|Atomz|^[^?]*addresses\.com|AdvancedEmailExtractor|ah-ha|aktuelles|almaden|Art-Online|AspiWeb|ASSORT|ATHENS|attach|attache|autoemailspider|BackWeb|Bandit|BatchFTP|bdfetch|big.brother|BlackWidow|bmclient|BostonProject|Botmailto:craftbot@yahoo.com|BravoBrianSpiderEngineMarcoPolo|Buddy|Bullseye|bumblebee|capture|CherryPicker|ChinaClaw|CICC|clipping|CrescentInternetToolPack|cURL|Custo|cyberalert|Deweb|diagem|Digger|Digimarc|DIIbot|DirectUpdate|DISCo|DownloadAccelerator|DownloadDemon|DownloadWonder|Downloader|Drip|DSurf15a|DTS.Agent|EasyDL|eCatch|echo\ extense|ecollector|efp@gmx\.net|EirGrabber|EmailCollector|EmailExtractor|EmailSiphon|EmailWolf|ExpressWebPictures|ExtractorPro|EyeNetIE|fastlwspider|FavOrg|FavoritesSweeper|FetchAPIRequest|FEZhead|FileHound|FlashGet|FlickBot|fluffy|frontpage|GalaxyBot|Generic|Getleft|GetRight|GetSmart|GetWeb!|GetWebPage|gigabaz|Girafabot|Go!Zilla|Go-Ahead-Got-It|GornKer|Grabber|GrabNet|Grafula|GreenResearch|Harvest|hhjhj@yahoo|hloader|HMView|HomePageSearch|HTTPagent|HTTPConnect|httpdown|httpgeneric|HTTrack|^[^?]*iaea\.org|IBM_Planetwide|^[^?]*\.ideography\.co\.uk|ImageStripper|ImageSucker|imagefetch|IncyWincy|IndyLibrary|informant|Ingelin|InterGET|InternetNinja|InternetLinkAgent|InternetSeer\.com|Iria|Irvine|iOpus|IPiumBotlaurion(dot)com|Jakarta|JBH*Agent|JetCar|JustView|Kapere|KWebGet|Lachesis|larbin|LeechFTP|LexiBot|lftp|libwww|likse|Link*Sleuth|LINKSARoMATIZED|LinkWalker|LWP|lwp-trivial|Magnet|MacFinder|Mag-Net|MassDownloader|MemoWeb|MCspider|MicrosoftURLControl|MIDowntool|minibot\(NaverRobot\)|Mirror|MissiguaLocator|MisterPiX|MMMtoCrawl\/UrlDispatcherLLL|MSProxy|multithreaddb|nationaldirectory|Navroad|NearSite|NetAnts|NetCarta|netfactual|netcraft|NetMechanic|netprospector|NetResearchServer|NetSpider|NetVampire|NetZIP|NEWT|nicerspro|NPBot|Octopus|OfflineExplorer|OfflineNavigator|OpaL|Openfind|OpenTextSiteCrawler|OutWit|PackRat|PageGrabber|PapaFoto|pavuk|pcBrowser|PersonaPilot|PingALink|Pockey|ProgramShareware|psbot|PSurf|puf|Pump|PushSite|QRVA|QuepasaCreep|RealDownload|Reaper|Recorder|ReGet|replacer|RepoMonkey|Robozilla|Rover|RPT-HTTPClient|Rsync|SearchExpress|searchhippo|searchterms\.it|SecondStreetResearch|Shai|sitecheck|SiteMapper|SiteSnagger|SlySearch|SmartDownload|snagger|SpaceBison|Spegla|SpiderBot|SqWorm|StarDownloader|Stripper|Sucker|SuperBot|SuperHTTP|Surfbot|SurfWalker|Szukacz|tAkeOut|tarspider|TeleportPro|Telesoft|Templeton|traffixer|TrueRobot|TuringOS|TurnitinBot|TV33_Mercator|UIowaCrawler|URL_Spider_Pro|UtilMind|Vacuum|vagabondo|vayala|visibilitygap|vobsub|VoidEYE|vspider|w3mir|web\.by\.mail|WebDataExtractor|WebDownloader|WebImageCollector|WebSucker|WebAuto|webbandit|Webclipping|webcollector|webcollage|WebCopier|webcraft@bea|WebDAV|webdevil|webdownloader|Webdup|WebEmailExtractor|WebFetch|WebGoIS|WebHook|Webinator|WebLeacher|WebMiner|WebMirror|webmole|WebReaper|WebSauger|WEBsaver|WebsiteeXtractor|WebsiteQuester|WebSnake|Webster|WebStripper|websucker|webvac|webwalk|webweasel|WebWhacker|WebZIP|Wget|whizbang|WhosTalking|Widow|WISEbot|WUMPUS|Wweb|WWWOFFLE|Wysigot|XaldonWebSpider|XGET|x-Tractor|Zeus.* [OR]

    RewriteCond %{REQUEST_URI} .*((php|my)?shell|remview.*|phpremoteview.*|sshphp.*|pcom|nstview.*|c99|r57|webadmin.*|phpget.*|phpwriter.*|fileditor.*|locus7.*|storm7.*)\.(p?s?x?htm?l?|txt|aspx?|cfml?|cgi|pl|php[3-9]{0,1}|jsp?|sql|xml) [NC,OR]
    RewriteCond %{REQUEST_METHOD} (GET|POST) [NC]
    RewriteCond %{QUERY_STRING} ^(.*)=/home(.+)?/(.*)/(.*)$ [OR]
    RewriteCond %{QUERY_STRING} ^work_dir=.*$ [OR]
    RewriteCond %{QUERY_STRING} ^command=.*&output.*$ [OR]
    RewriteCond %{QUERY_STRING} ^nts_[a-z0-9_]{0,10}=.*$ [OR]
    RewriteCond %{QUERY_STRING} ^c=(t|setup|codes)$ [OR]
    RewriteCond %{QUERY_STRING} ^act=((about|cmd|selfremove|chbd|trojan|backc|massbrowsersploit|exploits|grablogins|upload.*)|((chmod|f)&f=.*))$ [OR]
    RewriteCond %{QUERY_STRING} ^act=(ls|search|fsbuff|encoder|tools|processes|ftpquickbrute|security|sql|eval|update|feedback|cmd|gofile|mkfile)&d=.*$ [OR]
    RewriteCond %{QUERY_STRING} ^&?c=(l?v?i?&d=|v&fnot=|setup&ref=|l&r=|d&d=|tree&d|t&d=|e&d=|i&d=|codes|md5crack).*$ [OR]
    RewriteCond %{QUERY_STRING} ^(.*)([-_a-z]{1,15})=(ls|cd|cat|rm|mv|vim|chmod|chdir|mkdir|rmdir|pwd|clear|whoami|uname|tar|zip|unzip|tar|gzip|gunzip|grep|more|ln|umask|telnet|ssh|ftp|head|tail|which|mkmode|touch|logname|edit_file|search_text|find_text|php_eval|download_file|ftp_file_down|ftp_file_up|ftp_brute|mail_file|mysql|mysql_dump|db_query)([^a-zA-Z0-9].+)*$ [OR]
    RewriteCond %{QUERY_STRING} ^(.*)(wget|shell_exec|passthru|system|exec|popen|proc_open)(.*)$
    #RewriteRule  (.*)  /huwad/blocker/blocker3.php  [L]


    <IfModule mod_php5.c>
    php_value date.timezone "Asia/Kolkata"
    </IfModule>


    <Files 403.shtml>
    order allow,deny
    allow from all
    </Files>

    deny from 203.177.42.214
    deny from 112.198.79.105 

    WANT GOOD CHEAP HOSTING WITH 99% UPTIME? THEN PM ME FOR DETAILS!!

    #2
    Tbh, first time I've seen an ht so frickin huge. Why the heck do you even have commented lines and brackets in the ht??
    We Do Not Dance, We Are The Dance!



      #3
      Sorry, I don't get you? ht?


      • GumSlone commented
        He means .htaccess

      #4
      Thanks GumSlone. Yes, it is huge, but I am not able to find the problem. I think there is a problem with ADDTYPE. Is it OK, or do I need to change something?
      Last edited by thunderwap; 28.04.15, 08:17.


        #5
        Do you have mod security installed on your server?
        If so, you can remove 80% of the lines from your htaccess.

        I would recommend that you remove the security lines and leave only the lines which are needed for the site to work properly.

        If you do this, you can test it again.

        If the error continues to appear, you can try to find out which line causes the error by removing line by line from the htaccess.
        Once you find the problem line, post it here so we may find a solution for it.




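One way to find the offending rule without deleting lines one at a time, as an added example that is not code from the thread: the script parses `RewriteCond %{QUERY_STRING}` lines copied from the .htaccess in the first post and reports which of them match a given query string. The sample query strings are constructed (the thread does not show the actual gallery request), and Python's `re` stands in for Apache's PCRE matching as an assumption.

```python
import re

# Excerpt of RewriteCond lines copied from the .htaccess in the first post.
# Paste the whole file here to check every %{QUERY_STRING} condition.
HTACCESS = r"""RewriteCond %{QUERY_STRING} [^a-z](declare|char|set|cast|convert|delete|drop|exec|insert|meta|script|select|truncate|update)[^a-z] [NC]
RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)https(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)http(%3A|:)(/|%2F){2}(.*)$ [NC]
RewriteCond %{QUERY_STRING} ^(.*)//(.*)$ [OR]
RewriteCond %{QUERY_STRING} ^(.*)\.\./\.\./\.\./(.*)$ [OR]
RewriteCond %{QUERY_STRING} ^(.*)(wget|shell_exec|passthru|system|exec|popen|proc_open)(.*)$
"""

# Directive, test string, pattern (no whitespace), optional [flags].
COND = re.compile(r"^\s*RewriteCond\s+%\{QUERY_STRING\}\s+(\S+)(?:\s+\[([^\]]*)\])?\s*$")

def parse_conditions(text):
    """Return (line_no, compiled_regex) for each QUERY_STRING condition."""
    conds = []
    for no, line in enumerate(text.splitlines(), 1):
        m = COND.match(line)
        if not m:
            continue  # comments, other directives, other test strings
        flags = [f.strip().upper() for f in (m.group(2) or "").split(",")]
        opts = re.IGNORECASE if "NC" in flags or "NOCASE" in flags else 0
        conds.append((no, re.compile(m.group(1), opts)))
    return conds

def matching_lines(text, query_string):
    """Line numbers whose pattern matches the raw (undecoded) query string."""
    return [no for no, rx in parse_conditions(text) if rx.search(query_string)]

# Constructed sample requests; none of them is taken from the thread.
SAMPLES = [
    "action=setpic&id=12",
    "action=setpic&img=http://example.com/gallery/12.jpg",
    "album=holiday&set=3",
    "theme=filesystem",
]

if __name__ == "__main__":
    for qs in SAMPLES:
        print(f"{qs!r:60} matched by lines {matching_lines(HTACCESS, qs)}")
```

A match on a request the site itself generates points at the condition to loosen or drop, instead of removing the whole file.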


          #6
          I don't think mod security is installed.

          I tried to check for mod security with

          PHP Code:
          <? phpinfo(); ?>
          When I open it in the browser, it shows a blank page.

          What is another way to find out if my server has mod security installed?


          Thanks GumSlone, I tried removing lines one by one and found the problem. I deleted 3 lines from the htaccess and it worked.

          I also added new ADDTYPE lines. Is this good to use? Will it stop uploads of invalid file formats?


          PHP Code:
          AddType image/gif .gif
          AddType image/gif .gif
          AddType image/jpeg .jpeg .jpg .jpe .JPG
          AddType image/png .png .PNG
          addtype audio/x-mpegurl m3u
          addtype audio/mpegurl m3u
          addtype text/vnd.wap.wml wml
          addtype application/vnd.wap.wmlc wmlc
          addtype text/vnd.wap.wmlscript wmls
          addtype application/vnd.wap.wmlscriptc wmlsc
          addtype image/vnd.wap.wbmp wbmp
          addType application/java-archive jar
          addType application/x-java-archive jar
          addType text/vnd.sun.j2me.app-descriptor;charset=UTF-8 jad
          addType application/vnd.symbian.install sis
          addType application/vnd.symbian.install sisx
          addType audio/3gpp 3gp
          addType video/3gpp 3gp
          addType audio/x-wav wav
          addType audio/amr amr
          addType audio/amr-wb awb
          addType audio/mpeg mp3
          addType audio/x-midi mid
          addType audio/midi mid
          addType audio/midi midi
          addType application/x-smaf mmf
          addType application/vnd.smaf mmf
          addType application/vnd.mophun.application mpn
          addType application/vnd.mophun.application mpc
          addType application/vnd.eri.thm thm
          addType application/vnd.nok-s40theme nth
          Last edited by thunderwap; 02.05.15, 08:33.