error 403 when trying to pass full url from form to script

Support/Development for PHP
falala
New Forum User
New Forum User
Posts: 2
Joined: Mon Apr 19, 2010 5:09 pm

error 403 when trying to pass full url from form to script

Unread post by falala »

When i try to pass a full url (http://www.example.com) from a field in a form to a script, i get following error message in my log. (and the scipt won't run...the browser simply says "forbidden". )

This field is for people to enter their web addresses and picture URL's, so it's information I want. However, because it's recognized as a remote file injection attempt, my form won't work.

[Mon Apr 19 13:52:06 2010] [error] [client ] ModSecurity: [file "/etc/httpd/modsecurity.d/10_asl_rules.conf"] [line "815"] [id "340162"] [rev "177"] [msg "Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)"] [data ""] [severity "CRITICAL"] Access denied with code 403 (phase 2). Match of "beginsWith http://%{SERVER_NAME}/" against "MATCHED_VAR" required. [hostname "www.eyetryon.com"] [uri "/merch/Update_Product.php"] [unique_id "IkJ@jwoHRisAAFPMRpIAAAAL"]
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: error 403 when trying to pass full url from form to scri

Unread post by mikeshinn »

Thats mod_security and probably a false positive, can you pull up the event in ASL and send us the event? We can put out a fix for the rules.
falala
New Forum User
New Forum User
Posts: 2
Joined: Mon Apr 19, 2010 5:09 pm

Re: error 403 when trying to pass full url from form to scri

Unread post by falala »

I don't think I have access to this, but I will ask my hosting company, and get back to you soon. Thank you so much.
Post Reply