[SOVED] POST 404 - 403 error

[eluser]d1a8lo24[/eluser]
I just happen to run into this problem today i didn't have this problem in the past. I don't know if its a CI problem, server, or an htaccess problem.

I'm running CI 2.0.2 by the way I have only been able to replicate this problem on my live server and only with CI's framework, on my own windows wamp server everything works fine.

Here is the problem whenever i submit a form through post, the data is not submitted. I found this when I was working on an application that i'm building. it seems that the following character typed twice is the problem >> and i don't know why.

I turn firebug on to see what was happening and it says that on post there is a 403 error funny thing is that in other forms in the app i don't have this problem. by the way the character will throw the 403 error if is typed in different ways >>, >< <><> so HTML tags that i want to allow will throw this error.

Also this only happens when the index.php is removed through the htaccess. If it is present on the URI everything works fine.

I have a simple htaccess

Code:

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /

    #Removes access to the system folder by users.
    #Additionally this will allow you to create a System.php controller,
    #previously this would not have been possible.
    #'system' can be replaced if you have renamed your system folder.
    RewriteCond %{REQUEST_URI} ^system.*
    RewriteRule ^(.*)$ /index.php?/$1 [L]
    
    #When your application folder isn't in the system folder
    #This snippet prevents user access to the application folder
    #Submitted by: Fabdrol
    #Rename 'application' to your applications folder name.
    RewriteCond %{REQUEST_URI} ^application.*
    RewriteRule ^(.*)$ /index.php?/$1 [L]

    #Checks to see if the user is attempting to access a valid file,
    #such as an image or css document, if this isn't true it sends the
    #request to index.php
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ index.php?/$1 [L]
    
</IfModule>

<IfModule !mod_rewrite.c>
    # If we don't have mod_rewrite installed, all 404's
    # can be sent to index.php, and everything works as normal.
    # Submitted by: ElliotHaughin

    ErrorDocument 404 /index.php
</IfModule>

The form

Code:

<?php echo $this->input->post('bio'); ?>
<?php echo form_open('testing'); ?>
&lt;textarea name="bio" cols="50" rows="5" id="bio"&gt;&lt;/textarea><br />
&lt;input name="submit" type="submit" value="Submit" /&gt;
&lt;?php echo form_close(); ?&gt;

If anyone can help me figure this out i will really appreciated.

[eluser]Razican[/eluser]
It seems to work in my browser (Firefox). What is supposed to happen?

[eluser]Akinzekeel[/eluser]
Did you try to use the htaccess Code from the user's guide instead?

What is your index page in the main config (application/config/config.php)?

[eluser]d1a8lo24[/eluser]
On the form on the right you can type anything and submitted and you can see that the post data is sent. the post data is echo out at the bottom of the form and you can also see it in the profiler below the forms.

On the form on the left you can see that you can also type anything but when you add the carrot > symbol twice like the following >> or >< or <><> etc... the post data will not be submitted. nothing will echo out.

Firebug will give you an error under Net and then HTML you will get a POST 403.

You won't get any visual errors but the data is not being submitted.

[eluser]Akinzekeel[/eluser]
I think this error is caused by your .htaccess or webserver in general. CI will usually return HTTP 500 Internal Server Error, but what you get is 403 Forbidden.

[eluser]d1a8lo24[/eluser]
[quote author="sHiRoKKo1337" date="1304206311"]Did you try to use the htaccess Code from the user's guide instead?

What is your index page in the main config (application/config/config.php)?[/quote]

The configuration is standard, no changes except for removing the index.php to have the friendly URLs.

as far as the htaccess very standard and i have also use the code on the users guide which is not that different and the error is the same.

I have done almost everything on the testing even doing a standard fresh install of CI without any changes and i still get the same result.

I did see a lot of result on google when doing a search for post 403 and there are many reasons why this happens and also many solutions i have try a few but nothings works.

This is an error that i haven't been able to figure out.

[eluser]d1a8lo24[/eluser]
[quote author="sHiRoKKo1337" date="1304207053"]I think this error is caused by your .htaccess or webserver in general. CI will usually return HTTP 500 Internal Server Error, but what you get is 403 Forbidden.[/quote]

Well all server errors are by the server most 500 errors is a misconfiguration on your htaccess or in a configuration server file.

as far as the 403 i know what it is the problem is, is why does it only happens when the index.php is not present.

now the strange thing is that on other parts of my app the forms work fine which is strange.

This is my controller

class Testing extends CI_Controller {



function __construct()

{

parent::__construct();


$this->output->enable_profiler(TRUE);

}



function index()

{
$sections = array(
'config' => FALSE,
'queries' => FALSE
);

$this->output->set_profiler_sections($sections);

$this->load->view('testing');
}

}

this is my view

Code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
&lt;html &gt;
&lt;head&gt;
&lt;meta http-equiv="Content-Type" content="text/html; charset=utf-8" /&gt;
&lt;title&gt;Untitled Document&lt;/title&gt;
&lt;/head&gt;

&lt;body&gt;

<table width="100%" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td>No index.php typing the following the submission will fail <strong>&gt;&gt; &gt;&lt; &lt;&gt;&lt;&gt;</strong><br />&lt;?php echo form_open('testing'); ?&gt;
&lt;textarea name="bio" cols="50" rows="5" id="bio"&gt;&lt;/textarea><br />
&lt;input name="submit" type="submit" value="Submit" /&gt;
&lt;?php echo form_close(); ?&gt;</td>
    <td>With index.php no problems<br />&lt;?php echo form_open('index.php/testing'); ?&gt;
&lt;textarea name="bio" cols="50" rows="5" id="bio"&gt;&lt;/textarea><br />
&lt;input name="submit" type="submit" value="Submit" /&gt;
&lt;?php echo form_close(); ?&gt;</td>
  </tr>
</table>
<p></p>
Post Result: &lt;?php echo $this->input->post('bio'); ?&gt;

&lt;/body&gt;
&lt;/html&gt;

[eluser]d1a8lo24[/eluser]
Well i'm still testing trying to figure out the problem, now I have downgraded to CI 1.72 and I get a 404 page not found when posting but when the index.php is there i don't get any errors.


Now again this only happens with CI is on the server and only when the htaccess file is present to remove the index.php, to make friendly URLs.

Aside from that everything works fine.

So it seems that it is a server problem but what could it be causing it. I have found on th net that it is usually cause by mod_security under apache and i have done the solution but that still not working and i don't even think my host has mod_security install.

Code:

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

I have seen a lot of post where this happens a lot on the net with different frameworks the one that mostly comes up is wordpress.

Anyway if anyone has any idea I will really appreciate the help I'm still waiting for my host to reply to see if they have made any changes in the past couple of weeks.

Thanks in advance.

[eluser]d1a8lo24[/eluser]
Just a quick followup if anyone runs into this problem in the future.

I did get a reply from my host after a couple of weeks. It seems that yes because of a security update this started to happen, and it had to do with some modsecurity filtering which is pretty much what I found while searching through the net specially on hosts that try to implement the latest security filtering through modsecurity.

Even though there are some workarounds through mod_rewrite it seems that the way they are implementing it on my hosts i'm not able to overwrite this.

As for now they just did a small modification for my domains and everything is back to normal, nothing to do with CI but with the server that I'm on.

Since I'm building apps that will have to be deployed on many different servers and i'm trying to make it as easy to work without having the client do much i did make a small adjustment to CI by extending the form helper and adding the index.php so that when it builds the url on form_open this will be there.

Thanks to the people that try to help.