Hi all,

I'm new to Digital Point, so please excuse me as I learn how things are done here.

I have a problem where passing in a URL variable (HTTP GET) causes Apache to throw a 403 error for some reason. Here are 2 nearly identical URLs. The first works, the second doesn't:

http://army.ca/deleteme/vardump.php?var1={%22var2%22=%22a.%22}

http://army.ca/deleteme/vardump.php?var1={%22var2%22=%22.%22}

The receiving PHP script simply does a var_dump on $_REQUEST. I don't believe this is a PHP-based problem because passing the same vars to any file generates the same result. (http://army.ca/deleteme/test.txt?var1={%22var2%22=%22.%22})

The reason I'm chasing this is that Facebook integration will generate a similar (but much more lengthy) URL which also fails. I've attempted to distill the problem down into a simpler form to help with troubleshooting.

The Apache error logs show nothing, but the access logs show:

[14/Jun/2010:18:26:57 +0000] "GET /deleteme/vardump.php?var1={%22var2%22=%22.%22} HTTP/1.1" 403 33722 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3"

I have been able to reproduce this on a different Apache/Linux server as well.

Any help or guidance would be appreciated!

Thanks
Mike

Server info:
Fedora release 12 (Constantine)
Kernel: 2.6.32.12-rscloud
httpd-2.2.15-1.fc12.2.x86_64
php-5.3.2-2.fc12.x86_64

Did some searching and found this thread: http://forums.digitalpoint.com/showthread.php?t=1139831

Their suggestion to look at mod_security was bang on. When I disable mod_security all links work just fine.

Now to find out how to allow this type of thing without opening my gates too wide.

Thanks
Mike
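
Added example, not part of the original thread: one way to narrow the exception described in the last post instead of disabling mod_security outright, assuming ModSecurity 2.x loaded as mod_security2. The rule ID 999999 is a placeholder for whatever ID the audit log reports, and the log path is an assumption.

```apache
<IfModule mod_security2.c>
    # Step 1: find out which rule produced the 403. The access log only
    # shows the status code, so record every 403 in the audit log.
    # Part H (audit trailer) carries the rule ID and message.
    SecAuditEngine RelevantOnly
    SecAuditLogRelevantStatus "^403$"
    SecAuditLogParts ABFHZ
    SecAuditLog /var/log/httpd/modsec_audit.log   # assumed path

    # Too wide: turns inspection off for everything under the path,
    # which is equivalent to disabling the module for that content.
    # <Location /deleteme/>
    #     SecRuleEngine Off
    # </Location>

    # Narrower: remove only the rule that fired, and only for the one
    # script that has to accept the {"var2"="."} style parameter.
    # This block must be loaded after the rule set that defines the rule.
    # 999999 is a placeholder; use the ID reported in the audit log.
    <Location /deleteme/vardump.php>
        SecRuleRemoveById 999999
    </Location>

    # Narrowest (ModSecurity 2.6 or later): keep the rule active for all
    # other input and exclude only the var1 argument from it.
    # SecRuleUpdateTargetById 999999 "!ARGS:var1"
</IfModule>
```

After reloading Apache, request the failing URL again and confirm that the first URL pattern and the second both return 200 while other rules still log and block as before.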