1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

403 Forbidden when protocol is present in query string (eg. ?foo=http://anything)

Discussion in 'Apache' started by seifer-001, Dec 2, 2011.

  1. #1
    Hey guys
    I have been trying to figure this out for ages but I just can't.
    This used to work, but I THINK when my web host changed from Plesk to cPanel it stopped working.

    As soon as I put a protocol (http://, ftp://, etc) in a variable of a GET request, I receive a 403 forbidden error.

    Look for yourself
    drawingblacklines com.au/?foo=bar
    drawingblacklines com.au/?foo=http://testing.com
    The PHP executed on this page is simply print_r($_GET);

    I have tried clearing my .htaccess file and it didn't make any difference.
    I have looked everywhere but cannot find a solution

    Has anyone got an idea what may be causing this (bad) behavior??
    Thanks, Kane
     
    seifer-001, Dec 2, 2011 IP
  2. adimsh

    adimsh Member

    Messages:
    25
    Likes Received:
    1
    Best Answers:
    1
    Trophy Points:
    48
    #2
    Hi, it is not a bad behavior, it is an unwanted protection.

    Since you mentioned CPanel - and thanks for that- as far as I know CPanel operates mod_security2 for Apache, with very restrictive rules to protect web hosting, you can degrade the security measures however, unfortunately, I do not have such experience with mod_security for CPanel, you have to google it or request support from your hosting provider.

    Edit: you also have to fix errors with your ErrorDocument directive (probably a file location error).
     
    Last edited: Dec 4, 2011
    adimsh, Dec 4, 2011 IP