403 Forbidden on PHP page called with url encoded in a $_GET parameter

Given hello.php:

<?php echo "Hello"; ?>

rendering the page works fine and returns Hello, however

http://example.com/hello.php?test=http%3a//whatever.com

returns a 403 Forbidden. But oddly enough, making the first letter of http uppercase works fine:

http://example.com/hello.php?test=Http%3a//whatever.com

FYI, percent encoding the slashes also 403s:

http://example.com/hello.php?test=http%3a%2f%2fwhatever.com

I'm beginning to suspect this may be an issue with Passenger (which I use to serve RoR)

It is mod_security's 10_asl_rules.conf causing this error.

Perhaps your htaccess is picking up on something in that URL and sending forbidden headers. Do you have a .htaccess file?

来源：https://stackoverflow.com/questions/1089744/403-forbidden-on-php-page-called-with-url-encoded-in-a-get-parameter

标签

易学教程内所有资源均来自网络或用户发布的内容，如有违反法律规定的内容欢迎反馈！
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!