403 发送 GET 数据时出现禁止错误
我的服务器是Linux服务器,经销商是我的。这样我也可以到达 WHM 面板。
当 GET 数据出现时:
a.php?url=http://www.domain.com
返回 403 Forbidden。
但如果数据是这样的:
a.php?url=www.domain.com
它正在工作。
因此,http:// 会产生错误。我该如何修复它?
另外,这将返回 403 Forbidden :
a.php?url=http%3a%2f%2fwww.domain.com
谢谢。
My server is Linux server and reseller is mine. So i can reach WHM panel, too .
When GET data comes like :
a.php?url=http://www.domain.com
return 403 Forbidden.
But if data comes like this :
a.php?url=www.domain.com
it's working.
So, http:// generating an error. How can i fix it ?
Also, this is returning 403 Forbidden :
a.php?url=http%3a%2f%2fwww.domain.com
Thanks.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
这绝对是 mod_security CoreRules 之一。我之前的主机也遇到过同样的问题。但是我不记得规则名称了。
您应该调查核心规则版本。 2.1.1 将是最新的,并且可能放宽了那个特殊的过滤器。如果更新或重新配置没有帮助,您还必须对您的 url 参数进行 base64_encode() (更简单的编码由 mod_security 嗅探)。
启用 mod_security 的调试日志记录,以便您可以找出实际导致问题的规则 - 如果您想禁用它(建议)。
http://www.modsecurity.org /documentation/modsecurity-apache/1.9.3/modsecurity-manual.html#07-logging
This is definitely one of the mod_security CoreRules. I've had the very same issue on my previous host. I don't remember the rule name however.
You should investigate the core rules version. 2.1.1 would be current, and might have relaxed that peculiar filter. If updating or reconfiguring doesn't help you would else have to base64_encode() your url parameter (simpler encodings are sniffed by mod_security).
Enables the debug logging of mod_security, so you can find out which rule actually caused the issue - if you want to disable it (advisable).
http://www.modsecurity.org/documentation/modsecurity-apache/1.9.3/modsecurity-manual.html#07-logging
您需要对查询字符串进行编码以使其有效,请参阅
urlencode()< /代码>You need to encode the query string so that it is valid, see
urlencode()回复:404——也许您正在将查询字符串重写到某处的路径,并且您没有打开AllowEncodedSlashes?
re: 404 -- perhaps you're rewriting the query string to the path somewhere, and you don't have AllowEncodedSlashes on?
这是 mod_security 的 10_asl_rules.conf 导致此错误。
.htaccess 正在获取该 URL 中的某些内容并发送禁止的标头。
It is mod_security's 10_asl_rules.conf causing this error.
It is the .htaccess is picking up on something in that URL and sending forbidden headers.