在GET变量通过URL时,403禁止 [英] 403 Forbidden when passing URL in GET variable
问题描述
我有这样一个问题:
<一href="http://stackoverflow.com/questions/1089744/403-forbidden-on-php-page-called-with-url-en$c$cd-in-a-get-parameter">403禁止对在$ _GET参数调用URL连接codeD PHP页面
I am having a problem like this:
403 Forbidden on PHP page called with url encoded in a $_GET parameter
我收到403禁止错误 当我通过一个URL作为这样一个GET变量
I am getting "403 forbidden" error When i pass a url as a GET variable like this
http://script/test.php?url=http://stackoverflow.com/questions/ask
但是,这是确定的。
But this is ok.
http://script/test.php?url=stackoverflow.com/questions/ask
即使我urlen c中的URL $ C $它仍然给了我403。
And even if i urlencode the url it still gives me a 403.
的Apache mod_fcgid / 2.3.6 mod_auth_passthrough / 2.1 mod_bwlimited / 1.4的FrontPage / 5.0.2.2635服务器的-----端口80
Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at ----- Port 80
和我不认为这服务器的mod_security启用,因为当我添加 SecFilterEngine关
htaccess的我得到500内部服务器错误。
And I don't think this server has mod_security enabled, Because when I add SecFilterEngine Off
in htaccess I get "500 Internal Server Error".
code片断:
$URL = mysql_real_escape_string($_GET['url']);
mysql_query("INSERT INTO `url` ...");
所以现在的问题是,我可以解决这个问题无需编辑httpd.conf文件,因为我没有root权限。 谢谢
So the question is, can I fix this without editing httpd.conf, because I don't have root privilege. Thanks
推荐答案
您是否有访问Apache错误日志本身?如果这是一个的cPanel系统,你有shell访问,请尝试查看日志的/ usr /本地/ Apache /日志/ error_log中 - mod_security的错误会出现在那里。否则,你可以看看你的控制面板中,看它是否拿起任何错误消息。
Do you have access to the apache error log itself? If this is a cPanel system and you have shell access, try viewing the log /usr/local/apache/logs/error_log - mod_security errors will appear there. Otherwise, you can look inside your control panel to see if it picks up any error messages.
,你仍然可以把SecFilterEngine在.htaccess如果不允许在关键字后得到一个500错误。
Even if mod_security is installed, you can still get a 500 error after putting SecFilterEngine in .htaccess if the keyword isn't allowed.
我建议您联系您的虚拟主机,以确定是否mod_security的是事业。如果是,你可以要求他们创建一个例外。 (我在一家网络托管公司合作,我们几乎总是乐意为您mod_security的例外合理应用)
I recommend contacting your web host to determine whether mod_security is the cause. If it is, you can ask them to create an exception. (I work for a web hosting company, and we're almost always happy to make mod_security exceptions for reasonable applications)
如果它造成的mod_security和您的虚拟主机将不会产生异常,您可能需要更改托管公司或找到一个不同的方式来传递的网址(base64编码可能为你工作)
If it's caused by mod_security and your web host won't create an exception, you either need to change hosting companies or find a different way to pass the url (base64 encoding might work for you)
这篇关于在GET变量通过URL时,403禁止的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!