An unknown error has occurred in Files after upgrade

<%- if @topic_view.topic.tags.present? %>
<%= t 'js.tagging.tags' %>: <%- @topic_view.topic.tags.each do |t| %> <%= t %> <%- end %>
<% end %>

Silverstripe Version:
SS 4.8.0

Question:
An unknown error has occurred in Files after upgrade

I have just upgraded my site from SS 4.5.1 to SS 4.8.0. If I click on Files I get “An unknown error has occurred”. It all looks fine on my development server but this happens in the live published site.

Unfortunately, that’s a really hard thing to diagnose without more information.

Have you checked the server logs?
Have you tried the site in dev mode to see if any more error information is available?
If you look at the response in your browser console, is there any information in the response body?

Request URL: https://test.com/admin/graphql
Request Method: POST
Status Code: 418
Remote Address: xxx:443
Referrer Policy: no-referrer-when-downgrade

Response headers
accept-ranges: bytes
content-length: 6714
content-type: text/html
date: Fri, 06 Aug 2021 23:13:55 GMT
etag: “1a3a-5c8dc40792420”
last-modified: Fri, 06 Aug 2021 04:13:03 GMT
server: Apache
status: 418
vary: User-Agent,Accept-Encoding

Request Headers
:authority: test.com
:method: POST
:path: /admin/graphql
:scheme: https
accept: /
accept-encoding: gzip, deflate, br
accept-language: en-AU,en-GB;q=0.9,en-US;q=0.8,en;q=0.7
content-length: 1379
content-type: application/json, application/x-www-form-urlencoded;charset=UTF-8
cookie: _ga=GA1.2.801732457.1628223207; _gid=GA1.2.774247938.1628223207; cms-panel-collapsed-cms-menu=false; _gat=1; PHPSESSID=xxxx
dnt: 1
origin: https://test.com
referer: https://test.com/admin/assets/
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-origin
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36
x-csrf-token: xxxx

Request Payload
{operationName: “ReadFiles”,…}
operationName: “ReadFiles”
variables: {rootFilter: {id: 0, anyChildId: null}, childrenFilter: {recursive: false}, limit: 50, offset: 0}
query: "query ReadFiles

Also - no server errors logged

So… I guess the usual questions…

  • Is your development environment the same as your production environment? (Same PHP version, MySQL version, etc)
  • How are you deploying to your production environment?

Thanks for your help. I have now finally got a log message I can use - it seems that mod_security rules are blocking /admin/graphql

[Thu Aug 12 15:28:36.833681 2021] [:error] [pid 23028:tid 3891763713792] [client 137.147.143.32:39692] [client 137.147.143.32] ModSecurity: Warning. Match of "rx ^[\\\\w/.+-]+(?:\\\\s?;\\\\s?(?:action|boundary|charset|type|start(?:-info)?)\\\\s?=\\\\s?['\\"\\\\w.()+,/:=?<>@-]+)*$" against "REQUEST_HEADERS:Content-Type" required. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "932"] [id "920470"] [msg "Illegal Content-Type header"] [data "application/json, application/x-www-form-urlencoded;charset=utf-8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "julietsummersbooks.com"] [uri "/admin/graphql"] [unique_id "YRWglCSQw9EgqRhdZtbnPwAAAAs"], referer: https://julietsummersbooks.com/admin/assets/
[Thu Aug 12 15:28:36.847916 2021] [:error] [pid 23028:tid 3891763713792] [client 137.147.143.32:39692] [client 137.147.143.32] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "956"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/json,|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "julietsummersbooks.com"] [uri "/admin/graphql"] [unique_id "YRWglCSQw9EgqRhdZtbnPwAAAAs"], referer: https://julietsummersbooks.com/admin/assets/
[Thu Aug 12 15:28:36.860133 2021] [:error] [pid 23028:tid 3891763713792] [client 137.147.143.32:39692] [client 137.147.143.32] ModSecurity: Access denied with code 418 (phase 2). Operator GE matched 7 at TX:anomaly_score. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "julietsummersbooks.com"] [uri "/admin/graphql"] [unique_id "YRWglCSQw9EgqRhdZtbnPwAAAAs"], referer: https://julietsummersbooks.com/admin/assets/

I have placed a support request with Dreamhost to try and get this resolved.

1 Like