[pmwiki-users] Getting strange 403 errors

Patrick R. Michaud pmichaud at pobox.com
Thu Apr 6 09:03:17 CDT 2006


On Thu, Apr 06, 2006 at 02:31:09PM +1200, Allister Jenks wrote:
>    On 4/6/06, Allister Jenks <arj at zkarj.co.nz> wrote:
>      In an existing group (where I have already been adding pages) some pages
>      give me the following error when I click "Save" after doing the initial
>      edit (i.e. create).
> 
>                                    Forbidden
> 
>      You don't have permission to access /pmwiki.php/Issue1/BottleCapLetters
>      on this server.
>    I've just done a snot-load of investigating on what, precisely, upsets it
>    because I discovered that if I just put "xx" as the page content, it
>    allowed me to save with no problems.  By slowly eliminating sections of
>    the text I was cutting and pasting into the page I discovered that the
>    above error is generated if your page contains the following string:
> 
>    "curl "
> 
>    Note that there has to be a space after the word.  If the word ends a
>    line, then it works fine.
> 
>    HUH????  What is this all about???

Your site has Apache's mod_security enabled.  The mod_security
feature scans all incoming posts for forbidden words or phrases
that might indicate someone is trying to hack the system, and if
any of them are present then Apache returns the 403 Forbidden
error.

It turns out "curl " is one of the forbidden phrases ("curl"
is a popular utility for retrieving files from webservers).
Another one we've run into in the past is "file(".

mod_security intercepts the requests and sends the forbidden
message before PmWiki ever gets a chance to run, so there's not
anything that PmWiki can do about it.  It has to be taken care of
in the server configuration.

Hope this helps,

Pm
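
The filtering described in this message, modelled as an added example (not code from the original post, PmWiki or mod_security): a literal-phrase scan over a decoded form body, showing why "curl " inside a line is blocked while "curl" at a line end is not. The field names `action` and `text`, the decoding step and the sample page texts are assumptions made for the illustration.

```python
from urllib.parse import parse_qsl, urlencode

# The two phrases named in the reply above; a real rule set would hold more.
FORBIDDEN_PHRASES = ["curl ", "file("]


def scan_post(raw_body: str):
    """Return (status, field, phrase) for a urlencoded POST body.

    Models a filter that decodes the body and then looks for literal
    substrings (assumed behaviour): the first hit yields 403 and the
    application behind the web server never sees the request.
    """
    for field, value in parse_qsl(raw_body, keep_blank_values=True):
        for phrase in FORBIDDEN_PHRASES:
            if phrase in value:
                return 403, field, phrase
    return 200, None, None


def form_body(page_text: str) -> str:
    """Encode page text the way a browser submits a textarea:
    line breaks become CRLF (%0D%0A) and spaces become '+'."""
    normalized = page_text.replace("\r\n", "\n").replace("\n", "\r\n")
    # "action" and "text" are assumed field names for the edit form.
    return urlencode({"action": "edit", "text": normalized})


# Constructed sample page contents, not taken from the thread.
SAMPLES = {
    "plain": "xx",
    "curl mid-line": "Fetch it with curl and save the file.",
    "curl at line end": "Fetch it with curl\nand save the file.",
    "curl at end of text": "Fetch it with curl",
    "php call in docs": "Example: $lines = file($path);",
}


def run_samples():
    """Scan every sample and return {name: (status, field, phrase)}."""
    return {name: scan_post(form_body(text)) for name, text in SAMPLES.items()}


if __name__ == "__main__":
    for name, (status, field, phrase) in run_samples().items():
        print(f"{name:20} -> {status} field={field} phrase={phrase!r}")
```

When "curl" ends a line, the next bytes in the submitted body are the CRLF pair rather than a space, so the literal phrase "curl " never appears in the decoded value.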



