Stange 500 internal server error when trying to add certain option names

**shirster** · 9 Jul 2013, 12:47 PM

Hi everyone,

I've encountered a strange problem when trying to add certain option names using the Option Name Manager.

Every time I try to add "Please select from below" as an option name, I get a 500 internal server error page. So I tried to add some other names to see what worked what didn't. These are the ones that get me the 500 error (doesn't matter if they are Read Only or Dropdown or Radio etc.):

"Please select from"
"Please select from below"
"Please select 123 from"
"Please select fro from"

Screenshot of Option Name Manager that shows which names worked:

Screenshot of MySQL product_options table:

MySQL info:
Server: Localhost via UNIX socket
Software: MySQL
Software version: 5.0.96-community - MySQL Community Edition (GPL)
Protocol version: 10
Server charset: UTF-8 Unicode (utf8)

I have no idea what's going on so if anyone could help me out that would be greatly appreciated! Thank you in advance!

**RodG** · 9 Jul 2013, 02:52 PM

Originally Posted by shirster

Every time I try to add "Please select from below" as an option name, I get a 500 internal server error page.

1st thing to do is contact your host to see what the *actual* error is. (500 internal server error is a generic error response that can be triggered by many factors)

Originally Posted by shirster

So I tried to add some other names to see what worked what didn't. These are the ones that get me the 500 error (doesn't matter if they are Read Only or Dropdown or Radio etc.):

"Please select from"
"Please select from below"
"Please select 123 from"
"Please select fro from"

I have no idea what's going on so if anyone could help me out that would be greatly appreciated! Thank you in advance!

Although I'm at a loss to explain the error (and I've not been able to replicate it) it is interesting to note that all of the failures appear to contain partially valid SQL statements. "select * from"... it seem that these entries are somehow being interpreted as actual SQL commands rather than embedded text strings.

Although not a proper fix, you could try using alternative wording, such as "Please choose", 'Select Option', 'Make your selection', etc, etc.

I have to admit, I find this to be a very curious problem, and I'd love to know the cause.

Cheers
Rod

**DrByte** · 9 Jul 2013, 04:32 PM

Your hosting company's server security settings are probably set to defaults which are overly aggressive about preventing the use of any words that might be remotely related to doing SQL Injection hack attempts. And you'll thus probably need to get them to relax some of those mod-security rules for you.

Example: one very common word in very normal SQL statements is the word "SELECT". And since a hacker would also need to use that word your hosting company's security settings are obviously trapping that, but also preventing you from doing normal things.

**RodG** · 10 Jul 2013, 07:34 AM

Originally Posted by DrByte

Example: one very common word in very normal SQL statements is the word "SELECT". And since a hacker would also need to use that word your hosting company's security settings are obviously trapping that, but also preventing you from doing normal things.

Agreed, 100%, even though it defies logic as to how/why a hosting company could implement such a filter and not expect negative consequences as a result.

Most surprising though is that if this is the 1st time the problem has been discovered (with this particular host) the OP has just been plain unlucky in being the 1st of the host's clients to identify the problem, so if the OP is still reading this, please take note. Many host's will automaticly discard the 1st report of any problems that are reported, in other words, they'll probably try to brush you aside with the implication that you have a software fault rather than the problem being caused from their end of things.
You *may* have a little difficulty in convincing them to even look into their mod_security rules (which on reflection is about the only logical cause for the symptoms that you have described). It may be prudent to include a link to this thread when submitting your fault report, because between your postings, and our responses, there should be enough to convince even the lowest of their staff members of the problem you are having, and the likely cause of the problem.

I wish you the best of luck. You will probably need it. (this is one of those time where I hope to be wrong, and that your host will take care of the problem without making you jump through hoops to simply prove a problem exists). The odds are against you though.

Cheers
Rod

**shirster** · 10 Jul 2013, 08:32 AM

Thank you, Dr. Byte and RodG! I explained the situation to my web host, LiquidWeb, and they quickly whitelisted the mod_security rule for me. I can now use "Please select from" as an option name without any problem.

And thank you for the info, RodG. I've been with a couple of "bad" web hosts before so I understand the concerns you mentioned and I appreciate the heads up very much! Luckily I'm with LiquidWeb now and 19 out of 20 times my support tickets are answered by helpful, polite and professional support staff :) I know that people at other web hosts who run into the same problem might not be as lucky though...

Thank you again, guys! Cheers!

**RodG** · 10 Jul 2013, 09:01 AM

Originally Posted by shirster

Thank you, Dr. Byte and RodG! I explained the situation to my web host, LiquidWeb, and they quickly whitelisted the mod_security rule for me. I can now use "Please select from" as an option name without any problem.!

Thanks for the feedback that the problem has been solved. Although there was little doubt as to the cause, it is always good to know that we were on the mark, and its always good to hear about *helpful* webhosts. It makes a pleasant change. :)

Cheers
Rod