How do I troubleshoot this 500 Server Error?

Nextcloud version : 20.0.5
Operating system and version: Ubuntu 18.04.4 LTS
Apache or nginx version (eg, Apache 2.4.25): Apache 2 (unsure of full version)
PHP version: PHP 7.4.11

The issue you are facing:

I’m running a small (3 user) instance on Dreamhost. Starting some time yesterday I stopped being able to sync calendars or contacts at all. I was running 19.0.4.2 but my first troubleshooting step was to upgrade to 20.0.5

  • When DAVx5 (Android) tries to sync, I see “HTTP 500 Internal Server Error” for each calendar and deck that is syncing. The full debug log is below.

  • Running vdirsyncer sync from my laptop I get the same: error: Unknown error occured for cards/contacts: 500 Server Error: Internal Server Error for url: https://example.com/nextcloud/remote.php/carddav/addressbooks/amanda/contacts/

Is this the first time you’ve seen this error? (Y/N): Y

When I visit index.php/settings/admin/overview I see an error about my web dav interface:

    Your web server is not yet properly set up to allow file synchronization, because the WebDAV interface seems to be broken.

This is the Debug info from Android:

--- BEGIN DEBUG INFO ---

SYNCHRONIZATION INFO
Account: Account {name=phone+user@example.com, type=bitfire.at.davdroid}
Authority: com.android.calendar

EXCEPTION
at.bitfire.dav4jvm.exception.HttpException: HTTP 500 Internal Server Error
	at at.bitfire.dav4jvm.DavResource.checkStatus(DavResource.kt:5)
	at at.bitfire.dav4jvm.DavResource.checkStatus(DavResource.kt:3)
	at at.bitfire.dav4jvm.DavResource.processMultiStatus(DavResource.kt:1)
	at at.bitfire.dav4jvm.DavResource.propfind(DavResource.kt:11)
	at at.bitfire.davdroid.syncadapter.CalendarSyncManager$queryCapabilities$1.invoke(CalendarSyncManager.kt:3)
	at at.bitfire.davdroid.syncadapter.CalendarSyncManager$queryCapabilities$1.invoke(CalendarSyncManager.kt:1)
	at at.bitfire.davdroid.syncadapter.SyncManager.remoteExceptionContext(SyncManager.kt:1)
	at at.bitfire.davdroid.syncadapter.SyncManager.remoteExceptionContext(SyncManager.kt:8)
	at at.bitfire.davdroid.syncadapter.CalendarSyncManager.queryCapabilities(CalendarSyncManager.kt:1)
	at at.bitfire.davdroid.syncadapter.SyncManager$performSync$1.invoke(SyncManager.kt:6)
	at at.bitfire.davdroid.syncadapter.SyncManager$performSync$1.invoke(SyncManager.kt:1)
	at at.bitfire.davdroid.syncadapter.SyncManager.unwrapExceptions(SyncManager.kt:1)
	at at.bitfire.davdroid.syncadapter.SyncManager.performSync(SyncManager.kt:5)
	at at.bitfire.davdroid.syncadapter.CalendarsSyncAdapterService$CalendarsSyncAdapter.sync(CalendarsSyncAdapterService.kt:14)
	at at.bitfire.davdroid.syncadapter.SyncAdapterService$SyncAdapter.onPerformSync(SyncAdapterService.kt:13)
	at android.content.AbstractThreadedSyncAdapter$SyncThread.run(AbstractThreadedSyncAdapter.java:334)

HTTP REQUEST
Request{method=PROPFIND, url=http://example.com/nextcloud/remote.php/dav/calendars/amanda/contact_birthdays/, headers=[Depth:0, Accept-Encoding:br,gzip]}
<?xml version='1.0' encoding='UTF-8' ?><propfind xmlns="DAV:" xmlns:CAL="urn:ietf:params:xml:ns:caldav" xmlns:CARD="urn:ietf:params:xml:ns:carddav"><prop><supported-report-set /><n0:getctag xmlns:n0="http://calendarserver.org/ns/" /><sync-token /></prop></propfind>

HTTP RESPONSE
Response{protocol=http/1.1, code=500, message=Internal Server Error, url=http://example.com/nextcloud/remote.php/dav/calendars/amanda/contact_birthdays/}
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to complete
your request.</p>
<p>Please contact the server administrator at 
 webmaster@example.com to inform them of the time this error occurred,
 and the actions you performed just before this error.</p>
<p>More information about this error may be available
in the server error log.</p>
</body></html>


REMOTE RESOURCE
http://example.com/nextcloud/remote.php/dav/calendars/amanda/contact_birthdays/

SOFTWARE INFORMATION

┌───────────────────────────────────┬────────────────────────────────────┬────────────┬─────────────────────────────────────┬───────┐
│ Package                           │ Version                            │ Code       │ Installer                           │ Notes │
├───────────────────────────────────┼────────────────────────────────────┼────────────┼─────────────────────────────────────┼───────┤
│ at.bitfire.davdroid               │ 3.3.7-ose                          │ 303070006  │ com.google.android.packageinstaller │       │
│ org.dmfs.tasks                    │ 1.2.4                              │ 78500      │ com.google.android.packageinstaller │       │
│ com.android.providers.contacts    │ 10                                 │ 29         │ —                                   │       │
│ com.android.providers.calendar    │ 10                                 │ 29         │ —                                   │       │
│ com.google.android.contacts       │ 3.36.3.346104542                   │ 2505256    │ com.android.vending                 │       │
│ com.google.android.calendar       │ 2020.48.5-347345946-release        │ 2016847058 │ com.android.vending                 │       │
│ com.google.android.apps.messaging │ 7.0.039 (Groot_RC09.phone_dynamic) │ 70039000   │ com.android.vending                 │       │
└───────────────────────────────────┴────────────────────────────────────┴────────────┴─────────────────────────────────────┴───────┘


SYSTEM INFORMATION

Android version: 10 (QPMS30.80-63-6-8-3)
Device: motorola moto g power (sofia)
Locale(s): [en_US]


CONNECTVITY

 ☒ [ Transports: WIFI Capabilities: NOT_METERED INTERNET NOT_RESTRICTED TRUSTED NOT_VPN VALIDATED NOT_ROAMING FOREGROUND NOT_CONGESTED NOT_SUSPENDED LinkUpBandwidth>=1048576Kbps LinkDnBandwidth>=1048576Kbps SignalStrength: -69]
 ☐ [ Transports: CELLULAR Capabilities: IMS NOT_METERED TRUSTED NOT_VPN VALIDATED NOT_ROAMING FOREGROUND NOT_CONGESTED NOT_SUSPENDED LinkUpBandwidth>=14Kbps LinkDnBandwidth>=14Kbps Specifier: <1>]

Data saver: disabled


CONFIGURATION

Power saving disabled: yes
System-wide synchronization: automatically

Notifications:
 - sync  isBlocked=false
  * syncProblems: importance=3
  * syncIoErrors: importance=1
  * syncWarnings: importance=2
 - general: importance=3
 - debug: importance=4

Permissions:
 - ACCESS_NETWORK_STATE: granted
 - ACCESS_WIFI_STATE: granted
 - INTERNET: granted
 - READ_SYNC_SETTINGS: granted
 - READ_SYNC_STATS: granted
 - WRITE_SYNC_SETTINGS: granted
 - RECEIVE_BOOT_COMPLETED: granted
 - REQUEST_IGNORE_BATTERY_OPTIMIZATIONS: granted
 - READ_CONTACTS: granted
 - WRITE_CONTACTS: granted
 - READ_CALENDAR: granted
 - WRITE_CALENDAR: granted
 - ACCESS_COARSE_LOCATION: denied
 - ACCESS_FINE_LOCATION: denied
 - ACCESS_BACKGROUND_LOCATION: denied
 - org.dmfs.permission.READ_TASKS: granted
 - org.dmfs.permission.WRITE_TASKS: granted
 - org.tasks.permission.READ_TASKS: denied
 - org.tasks.permission.WRITE_TASKS: denied


ACCOUNTS

 - Account: phone+user@example.com

┌──────────────────────────────────┬────────────┬──────────────────────┬───────────────┐
│ Authority                        │ isSyncable │ getSyncAutomatically │ Sync interval │
├──────────────────────────────────┼────────────┼──────────────────────┼───────────────┤
│ at.bitfire.davdroid.addressbooks │ 1          │ true                 │ 240 min       │
│ com.android.calendar             │ 1          │ true                 │ 240 min       │
│ com.android.contacts             │ 0          │ false                │ —             │
│ org.dmfs.tasks                   │ 1          │ true                 │ 240 min       │
└──────────────────────────────────┴────────────┴──────────────────────┴───────────────┘

  WiFi only: false
  Contact group method: GROUP_VCARDS
  Time range (past days): 90
  Default alarm (min before): null
  Manage calendar colors: true
  Use event colors: false

  * Address book: Contacts (phone+user@example.com zg)
   
   ┌────────────┬──────────────────────┬───────────────┐
   │ isSyncable │ getSyncAutomatically │ Sync interval │
   ├────────────┼──────────────────────┼───────────────┤
   │ 1          │ true                 │ 1440 min      │
   └────────────┴──────────────────────┴───────────────┘
   
       URL: http://example.com/nextcloud/remote.php/dav/addressbooks/users/amanda/contacts/
    Read-only: 0


DATABASE DUMP

android_metadata

┌────────┐
│ locale │
├────────┤
│ en_US  │
└────────┘

service

┌────┬───────────────────────────────┬─────────┬────────────────────────────────────────────────────────────────────────────┐
│ id │ accountName                   │ type    │ principal                                                                  │
├────┼───────────────────────────────┼─────────┼────────────────────────────────────────────────────────────────────────────┤
│ 1  │ phone+user@example.com       │ carddav │ http://example.com/nextcloud/remote.php/dav/principals/users/amanda/ │
│ 2  │ phone+user@example.com       │ caldav  │ http://example.com/nextcloud/remote.php/dav/principals/users/amanda/ │
└────┴───────────────────────────────┴─────────┴────────────────────────────────────────────────────────────────────────────┘

sqlite_sequence

┌────────────┬─────┐
│ name       │ seq │
├────────────┼─────┤
│ service    │ 2   │
│ homeset    │ 2   │
│ collection │ 15  │
└────────────┴─────┘

homeset

┌────┬───────────┬──────────────────────────────────────────────────────────────────────────────┬──────────┬─────────────┬──────────┐
│ id │ serviceId │ url                                                                          │ privBind │ displayName │ personal │
├────┼───────────┼──────────────────────────────────────────────────────────────────────────────┼──────────┼─────────────┼──────────┤
│ 1  │ 2         │ http://example.com/nextcloud/remote.php/dav/calendars/amanda/          │ 1        │ —           │ 1        │
│ 2  │ 1         │ http://example.com/nextcloud/remote.php/dav/addressbooks/users/amanda/ │ 1        │ —           │ 1        │
└────┴───────────┴──────────────────────────────────────────────────────────────────────────────┴──────────┴─────────────┴──────────┘

collection

┌────┬───────────┬──────────────┬───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┬──────────────────┬────────────┬───────────────┬───────────────────────┬─────────────────────┬───────────┬──────────┬────────────────┬───────────────┬──────────────────┬────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┬──────┬───────────┬───────┐
│ id │ serviceId │ type         │ url                                                                                                                       │ privWriteContent │ privUnbind │ forceReadOnly │ displayName           │ description         │ color     │ timezone │ supportsVEVENT │ supportsVTODO │ supportsVJOURNAL │ source                                                                                                             │ sync │ homeSetId │ owner │
├────┼───────────┼──────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┼──────────────────┼────────────┼───────────────┼───────────────────────┼─────────────────────┼───────────┼──────────┼────────────────┼───────────────┼──────────────────┼────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┼──────┼───────────┼───────┤
│ 2  │ 2         │ CALENDAR     │ http://example.com/nextcloud/remote.php/dav/calendars/amanda/birthdays/                                             │ 1                │ 1          │ 0             │ Repeating Birthdays   │ Repeating Birthdays │ -13083    │ —        │ 1              │ 1             │ 0                │ —                                                                                                                  │ 1    │ —         │ —     │
│ 3  │ 2         │ CALENDAR     │ http://example.com/nextcloud/remote.php/dav/calendars/amanda/contact_birthdays/                                     │ 0                │ 0          │ 0             │ Contact birthdays     │ —                   │ -54       │ —        │ 1              │ 0             │ 0                │ —                                                                                                                  │ 1    │ —         │ —     │
│ 11 │ 1         │ ADDRESS_BOOK │ http://example.com/nextcloud/remote.php/dav/addressbooks/users/amanda/contacts/                                     │ 1                │ 1          │ 0             │ Contacts              │ —                   │ —         │ —        │ —              │ —             │ —                │ —                                                                                                                  │ 1    │ —         │ —     │
│ 12 │ 1         │ ADDRESS_BOOK │ http://example.com/nextcloud/remote.php/dav/addressbooks/users/amanda/z-app-generated--contactsinteraction--recent/ │ 0                │ 0          │ 0             │ Recently contacted    │ —                   │ —         │ —        │ —              │ —             │ —                │ —                                                                                                                  │ 0    │ —         │ —     │
└────┴───────────┴──────────────┴───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┴──────────────────┴────────────┴───────────────┴───────────────────────┴─────────────────────┴───────────┴──────────┴────────────────┴───────────────┴──────────────────┴────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┴──────┴───────────┴───────┘

room_master_table

┌────┬──────────────────────────────────┐
│ id │ identity_hash                    │
├────┼──────────────────────────────────┤
│ 42 │ b8699ef3cc4c62e8851df4360fb69e00 │
└────┴──────────────────────────────────┘


APP SETTINGS

1. SharedPreferencesProvider canWrite=true

┌────────────────────────┬───────────────┐
│ Setting                │ Value         │
├────────────────────────┼───────────────┤
│ distrust_system_certs  │ false         │
│ override_proxy         │ false         │
│ override_proxy_host    │ localhost     │
│ override_proxy_port    │ 8118          │
│ time_nextDonationPopup │ 1612245082349 │
└────────────────────────┴───────────────┘

2. DefaultsProvider canWrite=false

┌───────────────────────┬───────────┐
│ Setting               │ Value     │
├───────────────────────┼───────────┤
│ distrust_system_certs │ false     │
│ override_proxy        │ false     │
│ override_proxy_host   │ localhost │
│ override_proxy_port   │ 8118      │
└───────────────────────┴───────────┘

--- END DEBUG INFO ---

The output of your Nextcloud log in Admin > Logging:

I see a lot of this in my log:

{"reqId":"YAEhyEBFSb8aUXyV6fxZ2wAAAB0","level":3,"time":"2021-01-15T05:02:03+00:00","remoteAddr":"135.180.116.193","user":"amanda","app":"PHP","method":"GET","url":"/nextcloud/index.php/css/user_status/3acc-3385-user-status-menu.css?v=cb0ff4e8f32a364b3dcc4891c6494dc2-a844998a-2","message":"preg_replace(): Allocation of JIT memory failed, PCRE JIT will be disabled. This is likely caused by security restrictions. Either grant PHP permission to allocate executable memory, or set pcre.jit=0 at /home/abh/example/nextcloud/lib/private/DB/AdapterSqlite.php#46","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0","version":"20.0.5.2","id":"60012bed12405"} 

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => 'occ7c1677a99',
  'passwordsalt' => 'redacted',
  'trusted_domains' => 
  array (
    0 => 'example.com',
    1 => 'www.example.com',
  ),
  'datadirectory' => '/home/abh/nextcloud/data',
  'overwrite.cli.url' => 'https://example.com/nextcloud',
  'dbtype' => 'sqlite3',
  'version' => '20.0.5.2',
  'installed' => true,
  'theme' => '',
  'maintenance' => false,
  'secret' => 'redacted',
  'mail_smtpmode' => 'smtp',
  'mail_smtpsecure' => 'tls',
  'mail_from_address' => 'nextcloud',
  'mail_domain' => 'example.com',
  'mail_smtpauthtype' => 'PLAIN',
  'mail_smtphost' => 'mail.example.com',
  'mail_smtpauth' => 1,
  'mail_smtpport' => '587',
  'mail_smtpname' => 'also_redacted',
  'mail_smtppassword' => 'redacted',
  'loglevel' => 2,
  'trashbin_retention_obligation' => 'auto',
  'defaultapp' => 'calendar',
  'session_lifetime' => 86400,
  'updater.release.channel' => 'stable',
);

The output of your Apache/nginx/system log in /var/log/____:

[Thu Jan 14 21:47:32.343591 2021] [:error] [pid 13247:tid 3486615607040] [client 135.180.116.193:42503] [client 135.180.116.193] ModSecurity: Warning. detected XSS using libinjection. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "55"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: XSS data found within ARGS_NAMES:<?xml version: <?xml version"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "example.com"] [uri "/nextcloud/remote.php/dav/calendars/otheruser/redacted_shared_by_username/"] [unique_id "YAEsdDmxZCNLFTiSxu1n6gAAAAM"]
[Thu Jan 14 21:47:32.343754 2021] [:error] [pid 13247:tid 3486615607040] [client 135.180.116.193:42503] [client 135.180.116.193] ModSecurity: Warning. detected XSS using libinjection. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "55"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: XSS data found within ARGS:<?xml version: '1.0' encoding='UTF-8' ?><propfind xmlns=\\x22DAV:\\x22 xmlns:CAL=\\x22urn:ietf:params:xml:ns:caldav\\x22 xmlns:CARD=\\x22urn:ietf:params:xml:ns:carddav\\x22><prop><n0:getctag xmlns:n0=\\x22http://calendarserver.org/ns/\\x22 /><sync-token /></prop></propfind>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "example.com"] [uri "/nextcloud/remote.php/dav/calendars/otheruser/redacted_shared_by_username/"] [unique_id "YAEsdDmxZCNLFTiSxu1n6gAAAAM"]
[Thu Jan 14 21:47:32.344057 2021] [:error] [pid 13247:tid 3486615607040] [client 135.180.116.193:42503] [client 135.180.116.193] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S](?:!ENTITY\\\\s+(?:\\\\S+|%\\\\s+\\\\S+)\\\\s+(?:PUBLIC|SYSTEM)|x(?:link:href|html|mlns)|data:text/html|pattern\\\\b.*?=|formaction|\\\\@import|;base64)\\\\b" at ARGS:<?xml version. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "144"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data:  xmlns found within ARGS:<?xml version: '1.0' encoding='UTF-8' ?><propfind xmlns=\\x22DAV:\\x22 xmlns:CAL=\\x22urn:ietf:params:xml:ns:caldav\\x22 xmlns:CARD=\\x22urn:ietf:params:xml:ns:carddav\\x22><prop><n0:getctag xmlns:n0=\\x22http://calendarserver.org/ns/\\x22 /><sync-token /></prop></propfind>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "example.com"] [uri "/nextcloud/remote.php/dav/calendars/otheruser/redacted_shared_by_username/"] [unique_id "YAEsdDmxZCNLFTiSxu1n6gAAAAM"]
[Thu Jan 14 21:47:32.346512 2021] [:error] [pid 13247:tid 3486615607040] [client 135.180.116.193:42503] [client 135.180.116.193] ModSecurity: Access denied with code 418 (phase 2). Operator GE matched 7 at TX:anomaly_score. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "150"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "example.com"] [uri "/nextcloud/remote.php/dav/calendars/otheruser/redacted_shared_by_username/"] [unique_id "YAEsdDmxZCNLFTiSxu1n6gAAAAM"]
[Thu Jan 14 21:47:32.347383 2021] [:error] [pid 13247:tid 3485835720448] [client 135.180.116.193:42503] [client 135.180.116.193] ModSecurity: Warning. Operator GE matched 7 at TX:inbound_anomaly_score. [file "/dh/apache2/template/etc/mod_sec3_CRS/RESPONSE-980-CORRELATION.conf"] [line "87"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=15,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.0"] [tag "event-correlation"] [hostname "example.com"] [uri "/nextcloud/remote.php/dav/calendars/otheruser/redacted_shared_by_username/"] [unique_id "YAEsdDmxZCNLFTiSxu1n6gAAAAM"]
[Thu Jan 14 21:47:32.806808 2021] [:error] [pid 13247:tid 3486615607040] [client 135.180.116.193:42505] [client 135.180.116.193] ModSecurity: Warning. detected XSS using libinjection. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "55"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: XSS data found within ARGS_NAMES:<?xml version: <?xml version"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "example.com"] [uri "/nextcloud/remote.php/dav/calendars/otheruser/app-generated--deck--board-3/"] [unique_id "YAEsdDmxZCNLFTiSxu1n6wAAAAM"]
[Thu Jan 14 21:47:32.807000 2021] [:error] [pid 13247:tid 3486615607040] [client 135.180.116.193:42505] [client 135.180.116.193] ModSecurity: Warning. detected XSS using libinjection. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "55"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: XSS data found within ARGS:<?xml version: '1.0' encoding='UTF-8' ?><propfind xmlns=\\x22DAV:\\x22 xmlns:CAL=\\x22urn:ietf:params:xml:ns:caldav\\x22 xmlns:CARD=\\x22urn:ietf:params:xml:ns:carddav\\x22><prop><n0:getctag xmlns:n0=\\x22http://calendarserver.org/ns/\\x22 /><sync-token /></prop></propfind>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "example.com"] [uri "/nextcloud/remote.php/dav/calendars/otheruser/app-generated--deck--board-3/"] [unique_id "YAEsdDmxZCNLFTiSxu1n6wAAAAM"]
[Thu Jan 14 21:47:32.807306 2021] [:error] [pid 13247:tid 3486615607040] [client 135.180.116.193:42505] [client 135.180.116.193] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S](?:!ENTITY\\\\s+(?:\\\\S+|%\\\\s+\\\\S+)\\\\s+(?:PUBLIC|SYSTEM)|x(?:link:href|html|mlns)|data:text/html|pattern\\\\b.*?=|formaction|\\\\@import|;base64)\\\\b" at ARGS:<?xml version. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "144"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data:  xmlns found within ARGS:<?xml version: '1.0' encoding='UTF-8' ?><propfind xmlns=\\x22DAV:\\x22 xmlns:CAL=\\x22urn:ietf:params:xml:ns:caldav\\x22 xmlns:CARD=\\x22urn:ietf:params:xml:ns:carddav\\x22><prop><n0:getctag xmlns:n0=\\x22http://calendarserver.org/ns/\\x22 /><sync-token /></prop></propfind>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "example.com"] [uri "/nextcloud/remote.php/dav/calendars/otheruser/app-generated--deck--board-3/"] [unique_id "YAEsdDmxZCNLFTiSxu1n6wAAAAM"]
[Thu Jan 14 21:47:32.809765 2021] [:error] [pid 13247:tid 3486615607040] [client 135.180.116.193:42505] [client 135.180.116.193] ModSecurity: Access denied with code 418 (phase 2). Operator GE matched 7 at TX:anomaly_score. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "150"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "example.com"] [uri "/nextcloud/remote.php/dav/calendars/otheruser/app-generated--deck--board-3/"] [unique_id "YAEsdDmxZCNLFTiSxu1n6wAAAAM"]
[Thu Jan 14 21:47:32.810833 2021] [:error] [pid 13247:tid 3485827327744] [client 135.180.116.193:42505] [client 135.180.116.193] ModSecurity: Warning. Operator GE matched 7 at TX:inbound_anomaly_score. [file "/dh/apache2/template/etc/mod_sec3_CRS/RESPONSE-980-CORRELATION.conf"] [line "87"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=15,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.0"] [tag "event-correlation"] [hostname "example.com"] [uri "/nextcloud/remote.php/dav/calendars/otheruser/app-generated--deck--board-3/"] [unique_id "YAEsdDmxZCNLFTiSxu1n6wAAAAM"]

1 Like

You’ve posted a lot of information but you haven’t posted any related content from the Nextcloud log file, which could unveil the root cause of the problem. As a first step I would try to disable or reset “ModSecurity” which seems to block access to some parts of your installation.

My Nextcloud log is a long series of that same error I did paste, over and over:

For every 50-60 of those, I have one of these:

{"reqId":"MZw2d2tO9TlwyGDU44pR","level":3,"time":"2021-01-15T14:00:28+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"PHP Startup: memcached.sess_lock_wait and memcached.sess_lock_max_wait are deprecated. Please update your configuration to use memcached.sess_lock_wait_min, memcached.sess_lock_wait_max and memcached.sess_lock_retries at Unknown#0","userAgent":"--","version":"20.0.5.2","id":"6001a68fbc3a7"}

I think you’re running into a general system problem which has nothing to do with Nextcloud. You need to fix your PHP errors before you can use Nextcloud again. See e.g.

The full error on the screen says this:

preg_replace(): Allocation of JIT memory failed, PCRE JIT will be disabled. This is likely caused by security restrictions. Either grant PHP permission to allocate executable memory, or set pcre.jit=0 at /home/abh/example/nextcloud/lib/private/DB/AdapterSqlite.php#46

That suggests that there is a setting I can use to address the issue? I started a very specific thread on that question because it isn’t obvious how to alter AdapterSqlite.php properly. That thread is at: How do I set pcre.jit=0?

FYI, I am not a NextCloud user, but I am seeing similar ModSecurity issues with not being able to sync with my CardDav server. I also happen to be using DavDroid and Dreamhost. I wonder if Dreamhost changed some security config that falsely interprets carddav requests as attacks? Maybe we should both drop them a note.

[msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data:  xmlns found within ARGS:

1 Like

I sent them a support ticket. :crossed_fingers:t2:

I’m still a little confused by the option to “set pcre.jit=0” because in the file that error refers to it isn’t obvious how I’d make that change.

I also sent them a ticket. Didn’t even get an auto-response. Weird. We’ll see.

Anyway, as @j-ed mentioned above, turning off “ModSecurity” on my CardDAV server site (via DreamHost’s web panel) has allowed syncing to start working for me again. Though I hope DH is able to help me get it back later.

Sorry I can’t help with the other potential issues you may be seeing. Good luck.

@CeeGeeBee Dreamhost replied to me pretty promptly – they were able to change a setting (I think they disabled modSecurity for my account?) and get it working again.

2 Likes

Because this issue is back, I wanted to capture the actual solution from DreamHost that did indeed work for ~2 weeks.

Thank you for contacting DreamHost support. I'm sorry about the issues
with your site! It looks as if your site is triggering ModSecurity to
block something that it is trying to do:

[Fri Jan 15 11:56:24.618054 2021] [:error] [pid 13592:tid 3486252041984]
[client 135.180.116.193:45753] [client 135.180.116.193] ModSecurity:
Warning. Pattern match
"(?i)[\\\\s\\\\S](?:!ENTITY\\\\s+(?:\\\\S+|%\\\\s+\\\\S+)\\\\s+(?:PUBLIC|SYSTEM)|x(?:link:href|html|mlns)|data:text/html|pattern\\\\b.*?=|formaction|\
+\\\@import|;base64)\\\\b"
at ARGS:<?xml version. [file
"/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-941-APPLICATION-ATTACK-XSS.conf"]
[line "144"] [id "941130"] [msg "XSS Filter - Category 3: Attribute
Vector"] [data "Matched Data:  xmlns found within ARGS:<?xml version:
'1.0' encoding='UTF-8' ?><propfind xmlns=\\x22DAV:\\x22
xmlns:CAL=\\x22urn:ietf:params:xml:ns:caldav\\x22
xmlns:CARD=\\x22urn:ietf:params:xml:ns:carddav\\x22><prop><supported-report-set
/><n0:getctag xmlns:n0=\\x22http://calendarserver.org/ns/\\x22
/><sync-token /></prop></propfind>"] [severity "CRITICAL"] [ver
"OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag
"platform-multi"] [tag "attack-xss"] [tag "paranoia-level/1"] [tag
"OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "example.info"]
[uri "/nextcloud/remote.php/dav/calendars/redact1/redact3_shared_by_redact2/"]
[unique_id "YAHzaNwHcnNGFGzVdUh22gAAAAM"]
[Fri Jan 15 11:56:24.620632 2021] [:error] [pid 13592:tid 3486252041984]
[client 135.180.116.193:45753] [client 135.180.116.193] ModSecurity:
Access denied with code 418 (phase 2). Operator GE matched 7 at
TX:anomaly_score. [file
"/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-949-BLOCKING-EVALUATION.conf"]
[line "150"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total
Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag
"application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag
"attack-generic"] [hostname "example.info"] [uri
"/nextcloud/remote.php/dav/calendars/redact1/redact3_shared_by_redact2/"]
[unique_id "YAHzaNwHcnNGFGzVdUh22gAAAAM"]
[Fri Jan 15 11:56:24.621458 2021] [:error] [pid 13592:tid 3484745193216]
[client 135.180.116.193:45753] [client 135.180.116.193] ModSecurity:
Warning. Operator GE matched 7 at TX:inbound_anomaly_score. [file
"/dh/apache2/template/etc/mod_sec3_CRS/RESPONSE-980-CORRELATION.conf"]
[line "87"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total
Inbound Score: 15 -
SQLI=0,XSS=15,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual
paranoia level scores: 15, 0, 0, 0"] [ver "OWASP_CRS/3.3.0"] [tag
"event-correlation"] [hostname "example.info"] [uri
"/nextcloud/remote.php/dav/calendars/redact1/redact3_shared_by_redact2/"]
[unique_id "YAHzaNwHcnNGFGzVdUh22gAAAAM"]

I went ahead and added an exception for that domain for the xss (as you
can see in the 'Total Inbound Score' xss is the culprit). Go ahead and
test things and let me know if you're still having issues and I'll be
happy to take another look though.

Have a good rest of your day.

Adding: Dreamhost has info on how to address the PCRE Jit error at PHP 7 overview – DreamHost Knowledge Base

1 Like
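
How the ModSecurity entries quoted in this thread fit together, as an added example (not code from any participant, Nextcloud or DreamHost): it groups error-log lines by `unique_id` and, for each denied request, reports which CRS detection rules fired, on which request variable, and the score breakdown. The sample lines are constructed and shortened from the format shown above; the function names, client address, file paths and `TXN-*` ids are this example's own.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: shortened lines in the format of the thread's Apache error
# log. TXN-A mirrors the blocked PROPFIND; TXN-B is a made-up warning-only request.
SAMPLE_LOG = r'''
[Thu Jan 14 21:47:32.343591 2021] [:error] [pid 1:tid 2] [client 192.0.2.10:42503] ModSecurity: Warning. detected XSS using libinjection. [file "/crs/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "55"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: XSS data found within ARGS_NAMES:<?xml version: <?xml version"] [severity "CRITICAL"] [uri "/nextcloud/remote.php/dav/calendars/user/cal/"] [unique_id "TXN-A"]
[Thu Jan 14 21:47:32.343754 2021] [:error] [pid 1:tid 2] [client 192.0.2.10:42503] ModSecurity: Warning. detected XSS using libinjection. [file "/crs/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "55"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: XSS data found within ARGS:<?xml version: '1.0' encoding='UTF-8' ?><propfind xmlns=\\x22DAV:\\x22><prop><sync-token /></prop></propfind>"] [severity "CRITICAL"] [uri "/nextcloud/remote.php/dav/calendars/user/cal/"] [unique_id "TXN-A"]
[Thu Jan 14 21:47:32.344057 2021] [:error] [pid 1:tid 2] [client 192.0.2.10:42503] ModSecurity: Warning. Pattern match "(regex elided)" at ARGS:<?xml version. [file "/crs/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "144"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data:  xmlns found within ARGS:<?xml version: '1.0' encoding='UTF-8' ?><propfind xmlns=\\x22DAV:\\x22><prop><sync-token /></prop></propfind>"] [severity "CRITICAL"] [uri "/nextcloud/remote.php/dav/calendars/user/cal/"] [unique_id "TXN-A"]
[Thu Jan 14 21:47:32.346512 2021] [:error] [pid 1:tid 2] [client 192.0.2.10:42503] ModSecurity: Access denied with code 418 (phase 2). Operator GE matched 7 at TX:anomaly_score. [file "/crs/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "150"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [uri "/nextcloud/remote.php/dav/calendars/user/cal/"] [unique_id "TXN-A"]
[Thu Jan 14 21:47:32.347383 2021] [:error] [pid 1:tid 3] [client 192.0.2.10:42503] ModSecurity: Warning. Operator GE matched 7 at TX:inbound_anomaly_score. [file "/crs/RESPONSE-980-CORRELATION.conf"] [line "87"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=15,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [uri "/nextcloud/remote.php/dav/calendars/user/cal/"] [unique_id "TXN-A"]
[Thu Jan 14 21:48:01.000001 2021] [:error] [pid 1:tid 2] [client 192.0.2.10:42510] ModSecurity: Warning. Pattern match "(regex elided)" at ARGS:note. [file "/crs/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "144"] [id "941130"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data:  xmlns found within ARGS:note: xmlns demo"] [severity "CRITICAL"] [uri "/nextcloud/index.php/example"] [unique_id "TXN-B"]
'''

FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')       # [key "value"] pairs
ACTION = re.compile(r'ModSecurity: (Warning|Access denied with code (\d+))')
WITHIN = re.compile(r'found within ([A-Z_]+):([^:]*)')     # collection and argument name
TOTAL = re.compile(r'Total (?:Inbound )?Score: (\d+)')
BREAKDOWN = re.compile(r'Total Inbound Score: \d+ - ([A-Z0-9=,]+)')
# Rules in the thread's log that only evaluate or report the score; they detect nothing.
SCORING_RULES = {"949110", "980130"}


def parse_line(line):
    """Return the bracketed fields of one ModSecurity log line, or None."""
    action = ACTION.search(line)
    if not action:
        return None
    fields = dict(FIELD.findall(line[action.end():]))
    if "id" not in fields or "unique_id" not in fields:
        return None
    fields["denied_status"] = int(action.group(2)) if action.group(2) else None
    return fields


def triage(log_text):
    """Group entries by unique_id and summarise every transaction that was denied."""
    txns = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            txns[entry["unique_id"]].append(entry)

    reports = []
    for uid, entries in txns.items():
        status = next((e["denied_status"] for e in entries if e["denied_status"]), None)
        if status is None:
            continue  # warnings only: this request was not blocked
        detections = [e for e in entries if e["id"] not in SCORING_RULES]
        scoring = [e for e in entries if e["id"] in SCORING_RULES]
        # Which request variable matched, e.g. an argument literally named "<?xml version".
        variables = sorted({f"{m.group(1)}:{m.group(2)}" for e in detections
                            if (m := WITHIN.search(e.get("data", "")))})
        score = next((int(m.group(1)) for e in scoring
                      if (m := TOTAL.search(e.get("msg", "")))), None)
        categories = {}
        for e in scoring:
            m = BREAKDOWN.search(e.get("msg", ""))
            if m:
                pairs = (p.split("=") for p in m.group(1).split(","))
                categories = {k: int(v) for k, v in pairs if int(v) > 0}
        reports.append({
            "unique_id": uid,
            "uri": entries[0].get("uri"),
            "status": status,
            "score": score,
            "rule_hits": dict(Counter(e["id"] for e in detections)),
            "variables": variables,
            "categories": categories,
        })
    return reports


if __name__ == "__main__":
    for report in triage(SAMPLE_LOG):
        print(report)
```

The `variables` entry shows the XML PROPFIND body being inspected as a request argument named `<?xml version`, which is why the XSS rules score it; the rule ids and URI in the report are the scope a per-path exception would need to cover.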

Thanks for writing about this! I was dismayed (and almost offended, honestly) to be seeing HTTP 418 errors on a Dreamhost installation but this thread let me fix it.

For reference for others, unchecking “Extra Web Security?” for the deployment was sufficient:


Hopefully I don’t regret this… :grimacing: