The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

403 Forbidden when protocol is present in query string (ie. ?foo=http://aa)

Discussion in 'General Discussion' started by seifer, Dec 3, 2011.

  1. seifer

    seifer Registered

    Joined:
    Dec 3, 2011
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Hey guys
    I have been trying to figure this out for ages but I just can't.
    This used to work, but I THINK when my web host changed from Plesk to cPanel it stopped working.

    As soon as I put a protocol (http://, ftp://, etc) in a variable of a GET request, I receive a 403 forbidden error.

    Look for yourself
    /http://drawingblacklines.com.au/?foo=bar
    /http://drawingblacklines.com.au/?foo=http://testing.com
    The PHP executed on this page is simply print_r($_GET);

    I have tried clearing my .htaccess file and it didn't make any difference.
    I have looked everywhere but cannot find a solution

    Has anyone got an idea what may be causing this (bad) behavior??
    Thanks, Kane
     
  2. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    Re: 403 Forbidden when protocol is present in query string (ie. ?foo=http:/

    Do you have mod_security installed?
    Look in WHM-> Plugins.
     
  3. seifer

    seifer Registered

    Joined:
    Dec 3, 2011
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Re: 403 Forbidden when protocol is present in query string (ie. ?foo=http:/

    Hey, thanks for your reply.
    I don't have access to WHM, I'm using shared hosting.

    Can I check this via cPanel?
    I can contact my web host on Monday and ask them, they are usually pretty good with helping out. (digitalpacific.com.au)

    If mod_security is installed, do I need to disable it or is there a workaround ?
    Kane
     
  4. ckh

    ckh Well-Known Member

    Joined:
    Dec 6, 2003
    Messages:
    356
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Phoenix, AZ
    cPanel Access Level:
    DataCenter Provider
    Re: 403 Forbidden when protocol is present in query string (ie. ?foo=http:/

    Your hosting provider will need to see which rule is being triggered and remove or disable the rule. Nothing you can do without whm/root access.
     
Loading...

Share This Page