error 403 when trying to pass full url from form to script
Posted: Mon Apr 19, 2010 5:28 pm
When i try to pass a full url (http://www.example.com) from a field in a form to a script, i get following error message in my log. (and the scipt won't run...the browser simply says "forbidden". )
This field is for people to enter their web addresses and picture URL's, so it's information I want. However, because it's recognized as a remote file injection attempt, my form won't work.
[Mon Apr 19 13:52:06 2010] [error] [client ] ModSecurity: [file "/etc/httpd/modsecurity.d/10_asl_rules.conf"] [line "815"] [id "340162"] [rev "177"] [msg "Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)"] [data ""] [severity "CRITICAL"] Access denied with code 403 (phase 2). Match of "beginsWith http://%{SERVER_NAME}/" against "MATCHED_VAR" required. [hostname "www.eyetryon.com"] [uri "/merch/Update_Product.php"] [unique_id "IkJ@jwoHRisAAFPMRpIAAAAL"]
This field is for people to enter their web addresses and picture URL's, so it's information I want. However, because it's recognized as a remote file injection attempt, my form won't work.
[Mon Apr 19 13:52:06 2010] [error] [client ] ModSecurity: [file "/etc/httpd/modsecurity.d/10_asl_rules.conf"] [line "815"] [id "340162"] [rev "177"] [msg "Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)"] [data ""] [severity "CRITICAL"] Access denied with code 403 (phase 2). Match of "beginsWith http://%{SERVER_NAME}/" against "MATCHED_VAR" required. [hostname "www.eyetryon.com"] [uri "/merch/Update_Product.php"] [unique_id "IkJ@jwoHRisAAFPMRpIAAAAL"]