2

Possible Duplicate:
403 Forbidden Error While Sending GET Data

When a $_GET variable contains the value "http://abc.com", the page returns "Forbidden. You don't have permission to access /get.php on this server."

You can try it out at http://softwareholic.com/get.php (output with var_dump($_GET);)

These are ok

softwareholic.com/get.php?link=123 //output: array(1) { ["link"]=> string(3) "123" } 
softwareholic.com/get.php?link=http:// //output: array(1) { ["link"]=> string(7) "http://" }

These will fail

softwareholic.com/get.php?link=http://google.com  
softwareholic.com/get.php?link=http%3A%2F%2Fgoogle.com

The thing is they worked on my localhost and downtownhost.com. The problem shows up only on hostgator.com. I have also remove .htaccess to narrow things down.

Any ideas?

Community
  • 1
  • 1
user1500556
  • 23
  • 1
  • 4

1 Answers1

1

Your host is enforcing the 403 as a security measure, probably in an attempt to prevent Open Redirect vulnerabilities.

Do you really need to redirect to any given URL by the user? How about storing possible URLs in a database table, and passing in the ID in the querystring, then lookup and redirect.

MrCode
  • 63,975
  • 10
  • 90
  • 112
  • I'm using it as a bookmarklet to pass the location.href link to my server. I thought it would be straightforward. Will strip the http:// and add it back on the server side. Thanks! – user1500556 Nov 21 '12 at 12:45
  • No problem, when stripping the http:// keep in mind you might get some https:// so need to handle that in your code. – MrCode Nov 21 '12 at 12:57