如果URL作为输入参数提交，则Apache会阻止请求 [英] Apache blocks request if URL is submitted as input param

问题描述

我一直在互联网上搜索，但令人惊讶的是，任何人都没有提出单一答案或单一查询，我是唯一一个面临这个问题的人。可能是因为当我们在表单中说URL时，google会给出与表单相关的所有结果属性。但在这里，我根本不是在谈论行动网址。所以我将从html代码开始。

I have been searching on internet, but suprisingly not even single answer or single query has been raised by anyone, am I the only one facing this issue. May be because when we say URL in form google gives all the results related 'attribute' of form. But here I am not talking about action URL at all. so i will start with html code.

 <form action="/something_that_does_not_matter" method=post>
    <input name="profile" type="text" placeholder="Enter name"/>
<input name="link" type="text" placeholder"="Enter URL"/>
</form>

如果用户在两个输入中都提交了一些字符串，则此表单正常工作。
当它出现问题时？
当您在链接字段中输入任何URL时。因为这是应该做的。
请不要让我在这里告诉脚本，因为我100％肯定在服务器端没有问题，因为我甚至尝试过最简单的PHP，如

This form works fine if user submits some strings in both inputs. When it becomes issue? When you enter any url in link field. because that is what is supposed to do. Please do not ask me to tell script here, because I am 100% sure theres no issue on server side, as i have even tried with simplest php like

<?php echo $_POST["link"]; ?>

它只发生在certhosting服务器上，在我的本地它工作正常，有点猜测和研究给了我这一个原因，apache有这个安全协议，如果启用，不会让你，提交有害的东西。它阻止我的任何网址，即使提交 http：// hey 它被阻止所以问题也不是网址。

It happens on certifiedhosting server only, on my local it works fine, little bit guessing and research gave me this one reason, that apache has this security protocol which if enabled wont let you, submit something harmful. And it is blocking my any url, even if is submit "http://hey" it gets blocked so issue is not with url also.

我的托管提供r准备为我禁用该规则，但那将是我自己的风险。所以我显然不希望这样。

My Hosting provider is ready to disable that rule for me, but then it would be my own risk. so I dont want that obviously.

所以现在我的问题是为什么那里有安全，如果它真的是威胁，那么真正想要真正做到这一点的人将如何这样做？

So now my question is why is security there, and if it is really threat, how do someone who really wants genuinely to do it will do it?

对于纯html表单提交，我根本找不到解决方案。但对于基于ajax的请求，我找到了一些解决方案。
首先我尝试编码/解码哪个不能工作，因为服务器首先尝试找到其中包含http：//的编码子代码。所以没有用

For pure html form submission i cannot find solution at all. But for ajax based request i have found some solutions. First i tried to encode/decode which wont work, as server first tries to find that encoded subsrtring which has http:// in it. So no use

另一个解决方案是提交ht $$ p：//然后在我的PHP脚本中修复它。但它的所有解决方法，并迫使我使用基于Ajax。如果只想以HTML格式进行操作，我的应用程序就不会有JavaScript。

Another solution is to submit ht$$p:// and then fix it in my php script. but its all workaround, and forces me to use Ajax based. what if just want to do it in HTML form, my application wont have JavaScript on it.

任何人？

推荐答案

不确定如何在没有javascript的情况下执行此操作，但您可以使用javascript从网址中删除http：并提交它会工作，而且众所周知，//无论如何都会告诉你启动网址。

No sure about how to do it without javascript, but you can strip out 'http:' from url using javascript and submit it it will work, and as we all know, // anyway will tell you starting of url.

通过@Aayaush更改代码

Making changes to code by @Aayaush

<input type="text" placeholder="Enter URL" onkeyup="document.getElementById('link').value=(this.value).replace(/https?:/,'')" >

<form>
<input name="profile" type="text" placeholder="Enter name"/>
<input name="link" id='link' type="hidden">
<input type="submit">
</form>

同时检查一下。
https://stackoverflow.com/a/39375297/3335776

这篇关于如果URL作为输入参数提交，则Apache会阻止请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！