Django的ModSecurity错误 [英] ModSecurity error with Django
问题描述
我正在通过我在DreamHost上使用fb.py的Facebook App(iframe)访问Django页面,并且我不断收到内部服务器错误。
查看错误日志,这是我看到的:
ModSecurity :输出过滤器:无法读取存储桶(rc 104):由对等体重新连接
我认为这只是与POST请求。有些人在几年前就在几个论坛上询问了这个错误,无济于事:
ModSecurity:输出过滤器:无法读取桶(rc 104):由对等体重新连接
所有我可以找到的是 http:// www.modsecurity.org :
当mod_security拒绝这样的请求时,它发送一个例如代码403的错误桶输出过滤器链,留下r->状态(例如500)。
任何想法?谢谢!
所以我花了太多时间试图弄清楚这一点。我已经解决了一个(稍微有些)的工作:将 {%csrf_token%} 添加到模板中的任何位置(我假设你在 context_instance = RequestContext(request)您的 render_to_response 或其他任何内容的参数。
我认为发生了什么事情是,cookie实际上并不设置(这可以通过浏览任何浏览器的开发工具中的cookies进行确认)。将上面的代码添加到你的模板中强制这个。我有一种感觉,这可能会在更高版本的Django中得到补救,而且似乎对于1.4+有明显的修复(例如,参见 here )。不幸的是,Dreamhost已经使用1.2.3,所以我们需要做。
I'm trying to access a Django page through a Facebook App (iframe) I made using fb.py on DreamHost and I keep getting an internal server error.
Looking in the error logs, this is what I see:
ModSecurity: Output filter: Failed to read bucket (rc 104): Connection reset by peer
I think it just has to do with the POST request. Somebody else asked about this error on a number of forums almost a year ago, to no avail:
ModSecurity: Output filter: Failed to read bucket (rc 104): Connection reset by peer
All I could find searching was this at http://www.modsecurity.org:
"When mod_security denies such a request, it sends an error bucket with e.g. code 403 down the output filter chain, leaving r->status as is (e.g. 500)."
Any ideas? Thanks!
So I've spent way too much time trying to figure this out. I've settled on a (slightly shitty) work-around: add {% csrf_token %} to any place in your template (I'm assuming you passed in the context_instance=RequestContext(request) argument to your render_to_response or whatever).
I think what is happening is that the cookie doesn't actually get set (this can be confirmed through inspecting the cookies in any browser's development tools). Adding the above code to your template forces this. I have a feeling that this may be remedied in later versions of Django, and it seems as though there are obvious fixes for 1.4+ (e.g., see here). Unfortunately dreamhost has stuck us with 1.2.3, so we need to make do.
这篇关于Django的ModSecurity错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
