System text causing 403 forbidden error in PHP
I have a simple form that is submitting to a post.php file.
This form has input fields. If the text written in any of these input fields is: System something, then I get a 403 forbidden error.
However, if I write the same System in quotes, i.e. "System", then it works fine.
It seems like System is being treated as a command here, and what I write after it is being treated as the parameter.
The code is not even reaching post.php. Even if I delete the post.php file, I still get a 403 error instead of a file not found error. Maybe it has something to do with Apache.
Please advise. Below is the form:
<form action="post.php" method="post" name="form1">
<table cellspacing="0" cellpadding="4" border="0">
<tbody><tr valign="top">
<td>Title</td>
<td><input type="text" value="" size="40" id="title" name="title"></td>
</tr>
<tr valign="top">
<td>Company</td>
<td><input type="text" value="" size="40" id="company" name="company"></td>
</tr>
<tr valign="top">
<td>Responsibilities</td>
<td><textarea id="responsibilities" rows="7" cols="55" name="responsibilities"></textarea></td>
</tr>
<tr valign="top">
<td>Position Requirements</td>
<td><textarea id="requirements" rows="7" cols="55" name="requirements"></textarea></td>
</tr>
<tr valign="top">
<td>Contact</td>
<td><textarea id="contact" rows="7" cols="55" name="contact"></textarea></td>
</tr>
<tr valign="top">
<td>Contact Name </td>
<td><input type="text" value="" size="40" id="contact_name" name="contact_name"></td>
</tr>
<tr valign="top">
<td>Contact Title </td>
<td><input type="text" value="" size="40" id="contact_title" name="contact_title"></td>
</tr>
<tr valign="top">
<td>Address 1</td>
<td><input type="text" value="" size="40" id="address1" name="address1"></td>
</tr>
<tr valign="top">
<td>Address 2</td>
<td><input type="text" value="" size="40" id="address2" name="address2"></td>
</tr>
<tr valign="top">
<td>Contact Phone </td>
<td><input type="text" value="" size="40" id="contact_phone" name="contact_phone"></td>
</tr>
<tr valign="top">
<td>Contact Fax</td>
<td><input type="text" value="" size="40" id="contact_fax" name="contact_fax"></td>
</tr>
<tr valign="top">
<td>Contact Email </td>
<td><input type="text" value="" size="40" id="contact_email" name="contact_email"></td>
</tr>
<tr valign="top">
<td>Contact Website </td>
<td><input type="text" value="" size="40" id="contact_website" name="contact_website"></td>
</tr>
<tr valign="top">
<td> </td>
<td> </td>
</tr>
<tr valign="top">
<td colspan="2"><input type="submit" value="Add Job" name="Submit"></td>
</tr>
</tbody></table>
</form>
Here are the HTTP headers sent:
(Request-Line) POST /admin/jobbank/post.php HTTP/1.1
User-Agent Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.9) Gecko/20100401 Ubuntu/9.10 (karmic) Firefox/3.5.9
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language en-us,en;q=0.5
Accept-Encoding gzip,deflate
Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive 300
Connection keep-alive
Referer jobbank/add.php
Cookie PHPSESSID=bc679ded5a7f7650692084042c137d77
Content-Type application/x-www-form-urlencoded
Content-Length 188
The HTTP response received:
(Status-Line) HTTP/1.1 403 Forbidden
Date Tue, 31 Aug 2010 09:52:16 GMT
Server Apache/1.3.41 Ben-SSL/1.60 (Unix) mod_gzip/1.3.26.1a mod_fastcgi/2.4.2 mod_throttle/3.1.2 Chili!Soft-ASP/3.6.2 FrontPage/5.0.2.2635 mod_perl/1.30 PHP/4.4.9
Keep-Alive timeout=15
Connection Keep-Alive
Transfer-Encoding chunked
Content-Type text/html; charset=iso-8859-1
I guess you have some protection module for Apache, that checks GET and POST variables for suspicious values like http://www.modsecurity.org/
You need to tune it or turn it off.
I think they are problematic most of the time...
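To tune such a module instead of turning it off, the first step is finding which rule denied the request and on which form field. The following is an added example, not part of the original answer: it parses Apache error-log lines in the ModSecurity 2.x layout and groups the denials by rule. The log lines, rule id, pattern and paths are constructed, and the page does not confirm which module or version the server runs.

```python
import re
from collections import Counter

# Constructed sample in the ModSecurity 2.x error-log layout; rule id, file path,
# pattern, client address and hostname are placeholders, not values from the page.
SAMPLE_LOG = r'''
[Tue Aug 31 09:52:16 2010] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match "system\s+\w" at ARGS:title. [file "/path/to/rules.conf"] [line "12"] [id "900001"] [msg "constructed example rule"] [hostname "example.test"] [uri "/admin/jobbank/post.php"]
[Tue Aug 31 09:53:02 2010] [error] [client 192.0.2.10] File does not exist: /var/www/favicon.ico
[Tue Aug 31 09:54:40 2010] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match "system\s+\w" at ARGS:responsibilities. [file "/path/to/rules.conf"] [line "12"] [id "900001"] [msg "constructed example rule"] [hostname "example.test"] [uri "/admin/jobbank/post.php"]
'''

DENY_RE = re.compile(
    r'ModSecurity: Access denied with code (?P<code>\d{3}) \(phase (?P<phase>\d)\)\. '
    r'(?P<reason>.*?) at (?P<var>\S+)\. \[')
TAG_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')


def parse_denials(log_text):
    """Return one dict per ModSecurity denial: status, matched variable, rule tags."""
    denials = []
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue  # not a ModSecurity denial (e.g. an ordinary missing-file error)
        entry = dict(TAG_RE.findall(line))  # file, line, id, msg, hostname, uri
        entry.update(m.groupdict())
        # "ARGS:title" -> form field "title"; other collections carry no field name
        coll, _, name = entry["var"].partition(":")
        entry["field"] = name if coll == "ARGS" and name else None
        denials.append(entry)
    return denials


def rules_to_review(denials):
    """Count denials per (rule id, uri) and list the form fields that triggered them."""
    counts, fields = Counter(), {}
    for d in denials:
        key = (d.get("id", "unknown"), d.get("uri", "unknown"))
        counts[key] += 1
        fields.setdefault(key, set()).add(d["field"])
    return [(rid, uri, n, sorted(f for f in fields[(rid, uri)] if f))
            for (rid, uri), n in counts.most_common()]


if __name__ == "__main__":
    for rid, uri, n, flds in rules_to_review(parse_denials(SAMPLE_LOG)):
        print(f"rule {rid} blocked {uri} {n}x, fields: {', '.join(flds)}")
```

The rule id and URI it reports are what an administrator needs in order to adjust or exclude that one rule for that one path while leaving the rest of the filter active.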