Error 403 triggered when posting URL's via form with PHP

Question

I am encountering a 403 Forbidden error when posting URL's via a form using PHP on an apache shared host.

From an existing question ( Error 403 on form submit ) this is most likely caused by mod_security installed on the server.

As I am using shared hosting, I'm not able to disable the module easily, so I implemented a JavaScript solution to strip the http:// before posting the data.

This worked for a while, but unfortunately, the error is still being triggered by some longer url's.

Are there any further methods I can use to cleanse the URL before posting it so that it won't trigger a security module like this?

Answer 1

I have had a similar issue and what I did was ask my hosting provider to add an exclusion to mod_security for that specific page, and it was fixed. The alternative was to disable mod_security, which they did not want to do :)

Another thing you might try is having a Javascript action on the submit buttons, which does a base64 encode of the URL, and then submits the form with that encoded value. Then, on the server side, you decode it.

Hope this helps.