问题
Given hello.php:
<?php echo "Hello"; ?>
rendering the page works fine and returns Hello, however
http://example.com/hello.php?test=http%3a//whatever.com
returns a 403 Forbidden. But oddly enough, making the first letter of http uppercase works fine:
http://example.com/hello.php?test=Http%3a//whatever.com
FYI, percent encoding the slashes also 403s:
http://example.com/hello.php?test=http%3a%2f%2fwhatever.com
I'm beginning to suspect this may be an issue with Passenger (which I use to serve RoR)
回答1:
It is mod_security's 10_asl_rules.conf causing this error.
回答2:
Perhaps your htaccess is picking up on something in that URL and sending forbidden headers. Do you have a .htaccess file?
来源:https://stackoverflow.com/questions/1089744/403-forbidden-on-php-page-called-with-url-encoded-in-a-get-parameter