间歇性的HTTP 403 Forbidden错误调用同阿贾克斯code [英] Intermittent HTTP 403 Forbidden error calling same Ajax code
问题描述
我用我的JavaScript客户端(例如, foo.js )打电话给我的PHP的Ajax code服务器(例如,酒吧.PHP )。这完美的作品大部分时间,但偶尔我得到的,而不是通常的200(OK)回HTTP 403(禁止)。发生这种情况使用完全相同的code,相同的参数,等等。
这是为什么发生?我该如何解决这个问题?是否有机会它的发生是由于某些行动的在我 bar.php code?我如何可以登录的原因呢?
在 foo.js 客户端:
函数postAjax(URL,查询字符串,回调){
VAR X =新XMLHtt prequest();
x.onreadystatechange =功能(){
如果(x.readyState === 4){// 4 =后的HTTP响应内容加载完毕
如果(x.status === 200)回调(真,x.responseText);
否则回调(假,x.status);
}
};
x.open(POST,网址,真实);
x.setRequestHeader(X-要求,随着','XMLHtt prequest');
x.setRequestHeader(内容型,应用程序/ x-WWW的形式urlen codeD');
x.send(查询字符串);
}
VAR PARAMS ='AAA = XXX和放大器; BBB = YYY';
postAjax('bar.php',参数,可以myCallBack函数);
功能myCallBack函数(ajaxStatus,ajaxResponse){/ *做某事* /}
在 bar.php 服务器:
< PHP
标题(内容类型:text / plain的);
$ isAjax =使用isset($ _ SERVER ['HTTP_X_REQUESTED_WITH'])及&安培;用strtolower($ _ SERVER ['HTTP_X_REQUESTED_WITH'])===xmlhtt prequest';
如果($ isAjax){
/ *做一些与$ _ POST ['AAA']和$ _ POST ['BBB'] * /
回声成功;
}
其他 {
回声错误;
}
?>
新的信息附加:
浏览器控制台(在这个例子中火狐):
当一切都很好(大部分时间):
+ POST http://example.com/bar.php 200 OK ZZZms
在错误(例如,在第7次后,最后我试过):
+ POST http://example.com/bar.php 403禁止X ZZZms
我回来403 ajaxResponse,其中来自x.status
扩大'+'在Firefox的控制台,我看到响应:
<!DOCTYPE HTML PUBLIC - // IETF // DTD HTML 2.0 // EN>
< HTML>< HEAD>
<冠军> 403禁止< /标题>
< /头><身体GT;
< H1>禁止< / H1>
< P>您没有权限访问/bar.php
,在此服务器上< / P>
< P>此外,404未找到
同时试图使用ErrorDocument来处理请求时遇到错误< / P>
< /身体GT;< / HTML>
纵观Apache的原始Accwss登录(直通的cPanel),我看到了类似的帖子行所有,与200在7测试改为404状态:
<我的IP> - - [17 /一月/ 2015:09:55:50 -0500]POST /bar.php HTTP / 1.1404 - <我的测试网址>中Mozilla的/ 5.0(Windows NT的6.1; WOW64; RV:35.0)的Gecko / 20100101火狐/ 35.0
您没有权限访问???
为什么我有权限6次,但不是第7次?
纵观Apache的错误日志(直通的cPanel)在同一时间,我看行:
[星期六01月17日9时55分五十零秒2015年] [错误] [客户端和LT;我的IP>]文件不存在:/家庭/<我的使用者名称> /的public_html / 403.shtml,引荐:其中;我的测试网址>
做了一些深入的研究。这是... 的mod_security !
看 http://www.opensourceforu.com / 2011/08 /保护-Apache的一部分-10的mod_security / ,搜索SecFilterScanPOST。我的AAA发布变量作为一些随机的令牌,并偶尔有过滤的这mod_security的机制值。
这是固定在与主机支持聊天。起初,我以为我可以解决它自己编辑一些.htaccess文件(S)适当的,但最终还是出现了,我需要他们的帮助。
I use my JavaScript client (say, foo.js) to call my php Ajax code in the server (say, bar.php). This works perfectly most of the time, but once in a while I get back HTTP 403 (Forbidden) instead of the usual 200 (OK). This happens using exactly the same code, same parameters, etc.
Why is that happening? How can I fix it? Is there a chance it's happening due to some action inside my bar.php code? How can I log the reason for it?
The foo.js client:
function postAjax(url, queryString, callback) {
var x = new XMLHttpRequest();
x.onreadystatechange = function() {
if (x.readyState === 4) { // 4=after HTTP response content finished loading
if (x.status === 200) callback(true, x.responseText);
else callback(false, x.status);
}
};
x.open('POST', url, true);
x.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
x.setRequestHeader('Content-type','application/x-www-form-urlencoded');
x.send(queryString);
}
var params = 'aaa=xxx&bbb=yyy';
postAjax('bar.php', params, myCallback);
function myCallback(ajaxStatus, ajaxResponse) { /* do something */ }
The bar.php server:
<?php
header('Content-Type: text/plain');
$isAjax = isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest';
if ($isAjax) {
/* Do something with $_POST['aaa'] and $_POST['bbb'] */
echo 'Success';
}
else {
echo 'Error';
}
?>
New info appended:
Browser Console (in this example Firefox):
When all is good (most of the time):
+ POST http://example.com/bar.php 200 OK ZZZms
When error (e.g., after the 7th time the last I tried):
+ POST http://example.com/bar.php 403 Forbidden X ZZZms
and I get back 403 in ajaxResponse, which comes from x.status
Expanding the '+' in the Firefox console, I see the response:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /bar.php
on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
</body></html>
Looking at the Apache Raw Accwss Log (thru cPanel), I see a similar POST row for all, with the status changed from 200 to 404 in the 7th test:
<my IP> - - [17/Jan/2015:09:55:50 -0500] "POST /bar.php HTTP/1.1" 404 - "<my test url>" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0"
"You don't have permission to access" ???
How come I have permission 6 times but not the 7th time?
Looking at the Apache Error Log (thru cPanel) for the same time, I see the row:
[Sat Jan 17 09:55:50 2015] [error] [client <my IP>] File does not exist: /home/<my user>/public_html/403.shtml, referer: <my test url>
Did some thorough research. It's... mod_security !!!
Look at http://www.opensourceforu.com/2011/08/securing-apache-part-10-mod_security/ , search for 'SecFilterScanPOST'. My 'aaa' posted variable serves as some random token, and once in a while had a value filtered by this mod_security mechanism.
This was fixed following a chat with the host support. Initially I thought I could solve it myself by editing some .htaccess file(s) appropriately, but eventually it appeared I needed their assistance.
这篇关于间歇性的HTTP 403 Forbidden错误调用同阿贾克斯code的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
