Form Submit == 403 Error?

May 08, 2014 Written By Marco Monteiro

From time to time, I have to work on a really crappy server. They have the weirdest rules of all, they’re obssed with security. I don’t have a right to see logs, they randomly block my IP from time to time. I can’t even call phpinfo(). Yeah, that bad!

Today I ran into a problem that made me go mad. I had a simple form with just a few fields. Locally the form was submiting via $_POST and everything was great.

But when I pushed my code to that server I couldn’t submit anything. The server was not getting the $_POST and it was interpreting everything as $_GET.

Turns out they turned on mod_security and one of my fields was supposed to be a url. But for some scurity reason if one of my input fields had http:// in it, they blocked the request.

First thing that came to mind: remove the http:// with javascript before submit and then add it back when I need it.

But that’s just nonsense!

Turns out if I have my input field called something_url the mod_security will be expecting the value to be one url and it will not block my request.

So here’s my tip, if you have a project that you’re deploying to a server that you have no control of, everytime you have a input that will be used to insert a url, you should “always” shove the sufix _url.


Like it? Tweet it.

"Form Submit == 403 Error?" via @marcogmonteiro