I run a bunch of sites with a back-end that allows me to easily upload urls and html code to be embedded; however one of the sites throws me a 403 forbidden access error whenever I try to submit 'http:/' or any html tag with it's respective closing tag (example: '<embed></embed>') The back-end uses a php script and html forms to append a row in my SQL database. All of the other sites are using the same host and code and they are working just fine, what would be causing this one to not let me submit the form? Been scouring the net for hours now, trying everything including turning mod_security off in htaccess with no luck. Can anyone offer some advice?
Can you tell us the URL? My guess is that becuase the URL seems to be the only different factor ( same code, server etc ) , it is most probably the URL that is causing the issue. It might be becuase it is too long and the entry is has too many chars that the field in your DB allows. If you post the url of Google instead of the one you are trying to post, do you get the same error?
The database definitely allows more than enough characters, so the length of the field isn't the issue. If i try to submit 'www.google.com/trends', the SQL updates properly; but if I input 'http://www.google.com/trends' I get the 403 error. I've recognized it's the string 'http:/' that throws the error, which is an easy fix because I can just delete http:// from each url; but even after I've done this I still can't submit. Submitting "<embed>" works just fine, but when I submit "<embed></embed>" I get the error; this is what my main problem is. I've narrowed it down to inputting "><" alone throws the error, but ">blah<" gets submitted correctly. Note: When I went to turn mod_security off in .htaccess, 'SecFilterEngine Off' made my page throw a 500 internal server error; could this be because my host doesn't allow mod security to be turned off? If this is the case, is there any way to work around this 403 I keep getting?
ldhosting, i suppose its possible that this site is just on a different server with different security settings than the others sites' servers?
just contacted support, it was exactly as i presumed they were happy to change the server settings for me and it works flawlessly now thanks for your help