- Posts: 3
- Thank you received: 0
Welcome to the LimeSurvey Community Forum
Ask the community, share ideas, and connect with other LimeSurvey users!
500 Internal Server Error when sending invitations on multilingual survey
- sifaan
- Topic Author
- Offline
- New Member
Your LimeSurvey version: LimeSurvey Community Edition Version 6.2.6+230904
Own server or LimeSurvey hosting: Own Server
Survey theme/template: Default
==================
I am trying a multi-lingual survey (Simplified Chinese and Sinhala in addition to the base language English) for the first time - when I try to send the invitation emails, the following error appears:
Even if I try inviting a single respondent, the same error appears.Internal Server ErrorThe server encountered an internal error or misconfiguration and was unable to complete your @, and the actions you performed just before this
All participants' language is [en] in the participant list, so it shouldn't even be trying the other email languages (the english email templates have been copied over to them just in case)
This is what is captured in the server error logs (5 error lines each time I try to send emails)
[Tue Sep 12 03:52:10.574268 2023] [:error] [pid 278107:tid 4014789469952] [client 123.231.109.37:53473] [client 123.231.109.37] ModSecurity: Warning. Pattern match "(?\\\bhttp/\\\\d|<(?:html|meta)\\\\b)" at ARGS:message_en. [file "/etc/modsecurity/mod_sec3_CRS/"] [line "108"] [id "921130"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <html found within ARGS:message_en: <html>\\x0d\\x0a<head>\\x0d\\x0a\\x09<title></title>\\x0d\\x0a</head>\\x0d\\x0a<body>\\x0d\\x0a<p>dear <strong>{firstname}</strong>,</p>\\x0d\\x0a\\x0d\\x0a<p>as part of the <strong>ocean lanka 360 feedback (2023 september)</strong>, you are\\xc2\\xa0invited to give feedback to <strong>{token:attribute_3}</strong>.</p>\\x0d\\x0a\\x0d\\x0a<p>it would be appreciated if you can complete the survey\\xc2\\xa0using the following link by <strong>6:30 pm (sri lanka time) on monday, "] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/34"] [hostname ""] [uri "/"] [unique_id "ZQBC2hX4V30Ivq9vHnEF4QAAAAE"], referer:
[Tue Sep 12 03:52:10.574461 2023] [:error] [pid 278107:tid 4014789469952] [client 123.231.109.37:53473] [client 123.231.109.37] ModSecurity: Warning. Pattern match "(?\\\bhttp/\\\\d|<(?:html|meta)\\\\b)" at ARGS:message_zh-Hans. [file "/etc/modsecurity/mod_sec3_CRS/"] [line "108"] [id "921130"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <html found within ARGS:message_zh-Hans: <html>\\x0d\\x0a<head>\\x0d\\x0a\\x09<title></title>\\x0d\\x0a</head>\\x0d\\x0a<body>\\x0d\\x0a<p>dear <strong>{firstname}</strong>,</p>\\x0d\\x0a\\x0d\\x0a<p>as part of the <strong>ocean lanka 360 feedback 2023 september</strong>, you are\\xc2\\xa0invited to give feedback to <strong>{token:attribute_3}</strong>.</p>\\x0d\\x0a\\x0d\\x0a<p>it would be appreciated if you can complete the survey\\xc2\\xa0using the following link by <strong>6:30 pm (sri lanka time) on friday, ..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/34"] [hostname ""] [uri "/"] [unique_id "ZQBC2hX4V30Ivq9vHnEF4QAAAAE"], referer:
[Tue Sep 12 03:52:10.574623 2023] [:error] [pid 278107:tid 4014789469952] [client 123.231.109.37:53473] [client 123.231.109.37] ModSecurity: Warning. Pattern match "(?\\\bhttp/\\\\d|<(?:html|meta)\\\\b)" at ARGS:message_si. [file "/etc/modsecurity/mod_sec3_CRS/"] [line "108"] [id "921130"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <html found within ARGS:message_si: <html>\\x0d\\x0a<head>\\x0d\\x0a\\x09<title></title>\\x0d\\x0a</head>\\x0d\\x0a<body>\\x0d\\x0a<p>dear <strong>{firstname}</strong>,</p>\\x0d\\x0a\\x0d\\x0a<p>as part of the <strong>ocean lanka 360 feedback 2023 september</strong>, you are\\xc2\\xa0invited to give feedback to <strong>{token:attribute_3}</strong>.</p>\\x0d\\x0a\\x0d\\x0a<p>it would be appreciated if you can complete the survey\\xc2\\xa0using the following link by <strong>6:30 pm (sri lanka time) on friday, 22nd ..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/34"] [hostname ""] [uri "/"] [unique_id "ZQBC2hX4V30Ivq9vHnEF4QAAAAE"], referer:
[Tue Sep 12 03:52:10.586671 2023] [:error] [pid 278107:tid 4014789469952] [client 123.231.109.37:53473] [client 123.231.109.37] ModSecurity: Rule 3a75a65fe78 [id "942360"][file "/etc/modsecurity/mod_sec3_CRS/"][line "444"] - Execution error - PCRE limits exceeded (-: (null). [hostname ""] [uri "/"] [unique_id "ZQBC2hX4V30Ivq9vHnEF4QAAAAE"], referer:
[Tue Sep 12 03:52:10.589457 2023] [:error] [pid 278107:tid 4014789469952] [client 123.231.109.37:53473] [client 123.231.109.37] ModSecurity: Access denied with code 418 (phase 2). Operator GE matched 7 at TX:anomaly_score. [file "/etc/modsecurity/mod_sec3_CRS/"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname ""] [uri "/"] [unique_id "ZQBC2hX4V30Ivq9vHnEF4QAAAAE"], referer:
I have other surveys running on the same platform, all single language, and they send out emails/reminders without any issue
In reading through the error message, there is an "html found within ARGS:message" line, so I wonder if making the emails plain text might solve the issue for now (generally I have been sending HTML emails without an issue)
Any suggestions on how to resolve this will be much appreciated
Thank you
/Sifaan
Please Log in to join the conversation.
- sifaan
- Topic Author
- Offline
- New Member
- Posts: 3
- Thank you received: 0
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator at webmaster@, and the actions you performed just before this error.
More information about this error may be available in the server error log.
Please Log in to join the conversation.
- holch
- Offline
- LimeSurvey Community Team
- Posts: 11660
- Thank you received: 2742
ModSecurity: Warning. Pattern match
...
ModSecurity: Access denied with code 418 (phase 2). Operator GE matched 7 at TX:anomaly_score.
So this is not a Limesurvey issue, but a configuration on your server. You are basically running into your own security rules set in mod_rewrite. You need to check with the person responsible for the setup of the server to fix this.
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.
Please Log in to join the conversation.
- sifaan
- Topic Author
- Offline
- New Member
- Posts: 3
- Thank you received: 0
Please Log in to join the conversation.