[wp-hackers] What would strip $_POST before 'init' runs?
Mike Walsh
mpwalsh8 at gmail.com
Wed Jul 18 18:07:00 UTC 2012
Replying to my own message - I have finally figured it out. The Apache
server security doesn't like that I was passing a Google Form URL in a
post parameter. By encoding it and then decoding it later when I actually
needed it, the server is happy and is no longer throwing 403 errors.
Mike
On Wed, Jul 18, 2012 at 12:45 PM, Mike Walsh <mpwalsh8 at gmail.com> wrote:
> I finally got some additional data on this problem I am chasing. The
> hosting provider coughed up a server error log. This is what it contains:
>
> [error] ModSecurity: Access denied with code 403 (phase 2).Match of "rx
> ://%{SERVER_NAME}/" against "MATCHED_VARS:gform-action" required.
> [file "/usr/local/apache/conf/modsec/10_asl_rules.conf"]
> [line "489"]
> [id "340162"]
> [rev "262"]
> [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Remote File Injection
> attempt in ARGS (AE)"]
> [data "
> https://docs.google.com/spreadsheet/formresponse?formkey=dhzsutftwllwzwf6lwdyb0xcmkzsogc6mq&ifq
> "]
> [severity "CRITICAL"]
> [hostname "lanaddicts.org"]
> [uri "/test-form/"]
> [unique_id "UAbUbnrJTaEAAHtoboQAAAAG"]
>
> Thanks,
>
> Mike
>
> Anyone have any suggestions on how to interpret this?
>
> --
Mike Walsh - mpwalsh8 at gmail.com
More information about the wp-hackers
mailing list