Powered by eUKhost®

Announcement

Collapse
No announcement yet.

403 Error on Form Submit

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • 403 Error on Form Submit

    A form on my site has stopped working. It used to work but if I submit now it throws a 403 error. The form HTML is generated and then processed with a PHP script. It has worked in the past but something must have changed on the server.

    I have just isolated the problem.

    If I disable mod_security the form works ok (but I don't want to do this).

    The form submits the contents of a text box which includes a URL. mod_security clearly no longer likes me submitting text parameters that are URLs ie anything looking like "http://www.asitehere.com/". It works if I remove the "http://" bit from the front.

    I use the form to dynamically add URL links to a database table and I want them to be the full URL.

    So my question is how do I submit a URL that the user has typed in without mod_security going crazy?

    I do not want to exclude the http:// bit of the URL because other people use the site and they will never remember to exclude it ... and a 403 error isn't going to help them when they forget.

    My only thoughts are to use javascript to store a hidden version of the url that is typed in but strip off the http bit. It could then be reattached before being written into the database.

    Any help would be appreciated!

    Thanks,

    Matt

  • #2
    Hi Matt,

    Our CTO, NickJ, is well versed with the mod_security, web application firewall. He'd be able to get this sorted for you once he's back. Meanwhile could you please open up a ticket with the appropriate details to produce the error on our end. We'd be glad to that you're sticking to the security for your website, rather than getting it removed in order to get the form working.. I like people who adhere to security Good luck..
    Rock _a.k.a._ Jack Daniel

    Follow eUKhost on Twitter || Join eUKhost Community on Facebook

    Comment


    • #3
      Originally posted by Rock View Post
      Hi Matt,

      Our CTO, NickJ, is well versed with the mod_security, web application firewall. He'd be able to get this sorted for you once he's back. Meanwhile could you please open up a ticket with the appropriate details to produce the error on our end. We'd be glad to that you're sticking to the security for your website, rather than getting it removed in order to get the form working.. I like people who adhere to security Good luck..
      *impresses with big firewall*

      On a serious note I am also a security freak, software firewalls, hardware firewalls, AV etc. Anybody who runs without them is
      Dan Miller

      Comment


      • #4
        Originally posted by Daniel View Post
        *impresses with big firewall*

        On a serious note I am also a security freak, software firewalls, hardware firewalls, AV etc. Anybody who runs without them is
        /me is much impressed to know that
        Rock _a.k.a._ Jack Daniel

        Follow eUKhost on Twitter || Join eUKhost Community on Facebook

        Comment


        • #5
          I've submitted a ticket.

          <html>
          <body>
          <?php

          //
          // Test Form to submit URL text
          //
          echo " <!-- Form to add new link -->\n";
          echo " <form name=\"test_form\" method=\"post\" action=\"test_form.php\">\n";
          echo " <fieldset>\n";
          echo " <legend>Test Form</legend>";

          echo " <table>\n";
          echo " <tr><td>Name</td><td><input type=\"text\" name=\"ilink_name\" size=\"80\" maxlength=\"80\" value=\"Website Name\" /></td></tr>\n";
          echo " <tr><td>URL</td><td><input type=\"text\" name=\"ilink_url\" size=\"80\" maxlength=\"255\" value=\"enter url\" /></td></tr>\n";
          echo " </table>\n";

          echo " <input type=\"submit\" name=\"isubmit\" value=\"Add New\" />\n";
          echo " </fieldset>\n";
          echo " </form>\n";

          ?>

          </body>
          </html>
          This simple PHP script demos the issue.

          The script works if you enter "www.google.com" but throws a 403 error if you enter "http://www.google.com"

          It appears to actually be the "http:/" at the start that causes the problem.

          I'll wait for the support ticket response. It's not a critical issue and I can rework the code if required.

          Just thought I'd post this info for other users who may search for it in the future.

          Matt

          Comment


          • #6
            Hi,
            Just out of curiosity, have you tried entering www.someurl.com/index.php? Well as I said, just curious if your script is handling character / (must be going UTF encoded to your script) etc...

            Best of luck!
            Inderjeet

            Comment


            • #7
              403 Form Post Error

              I'm also looking for a solution to this...

              Comment


              • #8
                Solution to 403 Form Post Error

                I have found a solution to the form post 403 error (when using a URL as some data to submit). Why not use this technique too? I found it at:

                LINK -> edrackham.com/javascript/solution-to-form-submit-403-error

                It works for me no problems what-so-ever!

                Comment


                • #9
                  Originally posted by a1phanumeric View Post
                  I have found a solution to the form post 403 error (when using a URL as some data to submit). Why not use this technique too? I found it at:

                  LINK -> edrackham.com/javascript/solution-to-form-submit-403-error

                  It works for me no problems what-so-ever!
                  Thank you for sharing the link & glad it worked out for you
                  Rock _a.k.a._ Jack Daniel

                  Follow eUKhost on Twitter || Join eUKhost Community on Facebook

                  Comment


                  • #10
                    403 Form Post Error

                    Even i have same problem “Form Submit 403 Error”. But in my case if i use any HTML tags (like bold or any other tags) than 403 error will show. How can i solve this issues???

                    is this b’cos of mod_security ??????

                    Comment

                    ban-img
                    Working...
                    X