Slashes in variable values passed in URL into PHP file after "?" cause 403 forbidden

Discussion in 'Apache' started by SuperDennis, Dec 6, 2008.

  1. #1
    Hello everyone!

    If anyone knows anything about this, I would very much appreciate any help and advice. In short, when I try to go to http://www.mydomain.com/test.php?var=value the server would load the page, but if I try to go to http://www.mydomain.com/test.php?var=http://value/ the server would show a 403 access forbidden error, i.e. this happens due to slashes in the variable.

    There was nothing like this before, but now there is. Why would this happen? The problem is I can't solve this problem by passing into the variable these slashes encoded in URLENCODE format, I need them passed the way they are. I am pretty sure this is something dependent on the server options or .htaccess options. But how might this be fixed?

    Thanks for any help in advance!
     
    SuperDennis, Dec 6, 2008
  2. SuperDennis

    #2
    Oh, I found out that the problem is not because of the slashes, but because of a colon symbol in the variable (like in http://www.domain.com). Any thoughts?
     
    SuperDennis, Dec 6, 2008
  3. Ueland

    #3
    Wild guess, don't send the HTTP protocol information? ;)

    If you are using it only for a web-based thingie there is no need for it in a URL, you can change it in your code.
     
    Ueland, Dec 6, 2008
  4. SuperDennis

    #4
    I mean not the one at the beginning of the URL, but in the value of variable passed. I.e. in "http://value/" part of http://www.mydomain.com/test.php?var=http://value/

    And what is worse, I can't update it, because a lot of webpages across the web use this widget for redirecting (this is something like a web counter).
     
    SuperDennis, Mar 14, 2009
  5. Ladadadada

    #5
    I would want to know what's causing the 403.

    It's not default Apache or PHP behaviour to do that. Do you have mod_security installed?
    Do you have any custom rewrite rules that might forbid colons?
    Is it the PHP application itself? (It would be rather strange for an application that expects a URL to forbid colons...)

    You can use RewriteLog to figure out which rewrite rule is blocking it (if it is a rewrite rule) and I'm sure mod_security has a log that you can look at (if you have mod_security installed).
    You can test if the PHP application is receiving the variable (or if Apache is blocking access before it even runs the PHP file) by modifying the PHP file to save the URL and the variable in question to a file somewhere on your host.
     
    Ladadadada, Mar 14, 2009
  6. SuperDennis

    #6
    Okay, going to do those things and list results
     
    SuperDennis, Mar 15, 2009
  7. kailash

    #7
    As mentioned by Ladadadada, it could be due to mod_security rules. On a cPanel server, the mod_security logs are stored in /usr/local/apache/logs/audit (or audit_log, not sure exactly).

    Kailash
     
    kailash, Mar 15, 2009
  8. mrtoner

    #8
    On various other forums I'm being pointed to mod_security as well. This is a customer's web site, though, so I don't have first-hand contact to know if that's the case.

    I was pointed to ietf.org/rfc/rfc2396.txt, though, which indicates that both the colon and the slash are reserved characters and must be escaped when used in the data portion of the URI.

    That didn't help me, since the characters were encoded.


    Don
     
    mrtoner, Apr 9, 2009
  9. bobbitt

    #9
    Hmmm, sounds very similar to the problem I just posted here:

    http://forums.digitalpoint.com/showthread.php?t=1837647

    I have mod_security installed, and based on the suggestions above, I disabled it. Instant success. Thanks for the push in the right direction!
     
    bobbitt, Jun 14, 2010
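
Several replies above point to the mod_security audit log as the place to confirm what produced the 403. The following Python script is an added example, not part of the original thread: it reads a ModSecurity 2.x serial-format audit log and reports which rule denied each request and which variable it matched. The log excerpt, transaction ids, rule ids, rule file path and messages are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed excerpt (ModSecurity 2.x serial audit log, parts A/B/H/Z); all ids, paths and messages are placeholders.
SAMPLE_LOG = """\
--a1b2c3d4-A--
[06/Dec/2008:10:15:02 +0000] EXAMPLEID0001 203.0.113.7 51234 192.0.2.10 80
--a1b2c3d4-B--
GET /test.php?var=http://value/ HTTP/1.1
--a1b2c3d4-H--
Message: Access denied with code 403 (phase 2). Pattern match "^https?://" at ARGS:var. [file "/placeholder/rules.conf"] [line "10"] [id "999001"] [msg "constructed example rule"]
--a1b2c3d4-Z--
--e5f6a7b8-A--
[06/Dec/2008:10:15:09 +0000] EXAMPLEID0002 203.0.113.7 51240 192.0.2.10 80
--e5f6a7b8-B--
GET /test.php?var=value HTTP/1.1
--e5f6a7b8-H--
Message: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [id "999002"] [msg "constructed non-blocking warning"]
--e5f6a7b8-Z--
"""

BOUNDARY = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--$")   # e.g. --a1b2c3d4-H--
DENIED = re.compile(r"^Message: Access denied with code (\d+).*? at ([A-Z_]+(?::[^\s.]+)?)\.")
TAG = re.compile(r'\[(\w+) "([^"]*)"\]')                 # [id "..."] [msg "..."] ...

def denied_requests(log_text):
    """Return one dict per rule denial: request line, status, matched variable, rule id, msg."""
    sections = defaultdict(lambda: defaultdict(list))    # txn id -> part letter -> lines
    txn = part = None
    for line in log_text.splitlines():
        m = BOUNDARY.match(line)
        if m:
            txn, part = m.groups()
        elif txn and line:
            sections[txn][part].append(line)
    findings = []
    for parts in sections.values():
        for line in parts["H"]:                          # H = audit trailer with rule messages
            hit = DENIED.match(line)
            if hit:
                tags = dict(TAG.findall(line))
                request = parts["B"][0] if parts["B"] else None   # first line of B = request line
                findings.append({"request": request, "status": int(hit.group(1)),
                                 "variable": hit.group(2), "rule_id": tags.get("id"), "msg": tags.get("msg")})
    return findings

if __name__ == "__main__":
    for finding in denied_requests(SAMPLE_LOG):
        print(finding)
```

Once the rule id and matched variable are known, an exception can be limited to that rule and that script rather than switching the module off for the whole site.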