php - $_GET throws 403
问题描述
I have a simple custom MVC app using $_GET to parse a url, and i've got it working on my dev server as well as a few different webhosts using php 7.1... but I'm trying to use x10hosting's free lamp hosting and the data being passed from $_GET is coming through as 403...
I've proved that it works on other servers as well as my own dev server with this
echo '<pre>', $route->path, $_GET['url'], '</pre>';
when going to the url http://app/admin... this line in my loop gives me what should be expected...
/admin
adminadmin
but on x10's server i get this
/403.shtml
admin403.shtml
I have tried encoding to base64 with urlencode($_GET) as well as disabling mod_sec in the .htaccess with
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
neither solution worked... I'm almost certain it's a server config issue but access is pretty much limited to .htaccess and php.ini .... I haven't touched php or apache in a while and am a little lost... any help would be greatly appreciated
解决方案
这听起来像是一个 mod_security 类型的问题。而且,正如您所发现的,您无法在免费托管平台上禁用 mod_security。
我在许多共享主机上遇到了 mod_sec 规则,这些规则只是根据某些参数名称来阻止请求(据说会阻止常见的 XSS 尝试)。url
是一个常见的。site
是另一个。只需更改参数名称即可。
“免费”托管帐户总是会有一些限制。如果这是唯一让你退缩的事情,那么你很幸运。
推荐阅读
- javascript - 本地存储未定义为什么?
- node.js - 将自定义 Yeoman 生成器公开为 REST API
- javascript - 创建了一张在列表上使用 useState 切换的卡片,但它会切换所有项目
- reactjs - Reacjs- 弹出窗口:如何在不点击/悬停的情况下触发弹出窗口?
- c++ - 在不知道类型的情况下初始化元组中的智能指针
- flask - SqlAlchemy CASE 语句: ValueError: too many values to unpack (expected 2)
- apache - 如果目录存在,Apache mod_rewrite 将请求方法设置为“GET”
- node.js - 没有日志语句,NodeJS await 不起作用
- c# - 在 .netcore 3.1 WCF SOAP 服务中添加 MTOM/XOP 附件作为字节数组
- postgresql - 导入有效的 SQL 函数时,pgAdmin4 返回类型不匹配?