“http://” in query string does not work

问题

UPDATE:

I tested in a subdomain - no .htaccess and PHP. I created a index.html and tried accessing /?p=http:/ and /?p=http://. I got this error for /?p=http://

Forbidden

You don't have permission to access / on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Apache Server at test.example.com Port 80

This rules out any PHP or mod_rewrite problem. What is wrong with Apache?

Case 1 (does not work): mysite.com?p=http://

Case 2 (works): mysite.com?p=http:/

If there is a http:// or https:// or ftp:// in the query string, there would be an error, even if I encoded it. I have an index.php (entry script) and a test.php (for testing this error). If I visit a URL (that goes via index.php) with http:// inside the query string, the $_GET variable would be empty even if there are other parameters. If I visit test.php?p=http://, I would get redirected (no change in URL) to index.php with an error (the framework handles invalid requests). Upon replacing http:// with something else, everything works fine - test.php shows what it's meant to, all other requests goes to index.php with $_GET populated.

I only noticed this error after moving to a new host (hostdime to hostgator). I could not reproduce this anywhere else (old host, local server).

Thank you.

My .htaccess file, stripped of some irrelevant code.

# Use PHP 5.3
AddType application/x-httpd-php53 .php

# ----------------------------------------------------------------------
# Start rewrite engine
# ----------------------------------------------------------------------

<IfModule mod_rewrite.c>
    Options +FollowSymlinks
    RewriteEngine On

    # removes www.
    # ------------------------------------------------------------------
    RewriteCond %{HTTPS} !=on
    RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
    RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]

    # rewrite "domain.com/foo -> domain.com/foo/"
    # ------------------------------------------------------------------
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_URI} !(\.[a-zA-Z0-9]{1,5}|/|#(.*))$
    RewriteRule ^(.*)$ /$1/ [R=301,L]

    # Yii specific rewrite
    # ------------------------------------------------------------------
    # if a directory or a file exists, use it directly
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    # otherwise forward it to index.php
    RewriteRule . index.php 
</IfModule>


# without -MultiViews, Apache will give a 404 for a rewrite if a folder of the same name does not exist 
# ------------------------------------------------------------------
Options -MultiViews 



# ----------------------------------------------------------------------
# UTF-8 encoding
# ----------------------------------------------------------------------

# Use UTF-8 encoding for anything served text/plain or text/html
AddDefaultCharset utf-8

# Force UTF-8 for a number of file formats
AddCharset utf-8 .html .css .js .xml .json .rss .atom


# ----------------------------------------------------------------------
# Gzip compression
# ----------------------------------------------------------------------

<IfModule mod_deflate.c>
...
</IfModule>


<IfModule mod_expires.c>
...
</IfModule>


<IfModule mod_autoindex.c>
    Options -Indexes
</IfModule>


# Block access to "hidden" directories whose names begin with a period. This
# includes directories used by version control systems such as Subversion or Git.
<IfModule mod_rewrite.c>
    RewriteCond %{SCRIPT_FILENAME} -d
    RewriteCond %{SCRIPT_FILENAME} -f
    RewriteRule "(^|/)\." - [F]
</IfModule>

# Increase cookie security
<IfModule php5_module>
    php_value session.cookie_httponly true
</IfModule>

回答1:

So apperently this is a problem on the host. I contacted HostGator for help and they said it was a mod_security problem. If you have trouble trying to explain, tell them to run apachetail command on the link you gave.

These links might help you a little

http://forums.hostgator.com/mod-security-and-403-errors-t71394.html

http://www.codingforums.com/showthread.php?t=233958

http://www.codingforums.com/showthread.php?t=244525

回答2:

I had similar problem with HostGator. You can ask their tech support via live chat to whitelist your domain name which you want to put the url in query string on. The resources provided by Dalton Tan are good to read especially the first one from HG forum.

来源：https://stackoverflow.com/questions/10992219/http-in-query-string-does-not-work