When the PHP file gets data that contains '> <' or 'http://' via the GET method, it goes to a Forbidden page.
Example:

  • mysite.com/folder/chat.php?text='> <'

or

This is the result :
[
Forbidden

You don't have permission to access /folder/chat.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
]

Any help will be appreciated :)

You can't just put any character in a GET parameter because it is posted in the URL. Use a POST variable instead and/or encode the variable input to URL-safe characters (e.g. use base64_encode).

Thank you for replying :)

@pritaeas
I don't know, what's the meaning of rewrites?

@C#Jaap
I use AJAX for a chat box, and I test that chat box with those strings. So, I use PHP GET.

Even so, I'm still new to AJAX. Can we use POST in AJAX? If there's a way that can be used to prevent that forbidden page, I would like to have a try :)

It appears you have installed an out-of-the-box chat system
those systems are usually configured to block url access to the chat server, else anybody could push anything into your chat.
imagine a bot locating the chat system and pushing porn into the stream going to all your users just by
ht tp:// yoursite/chat.php?msg=pornomesage-ewthatsdisgusting
Ajax (used to post and read posts in the chat window) runs locally on your server, so is not blocked
$_get will not work to test, $_post will not work to test, both would be seen to be external accesses
likely there is in the chat /folder/ .htaccess something like

<Limit GET POST> 
order deny,allow 
deny from all 
</Limit>

You will have to configure and test according to the install instruction on the download site

AJAX! It wasn't clear to me at the time I wrote the answer. I don't know if you use some component for it. Using a POST variable in XMLHttpRequest (which is used to make an AJAX call) is described on this page:
Click Here
Hope this helps.

@almostbob

<Limit GET POST>
order deny,allow
deny from all
</Limit>

What do those mean? Forgive me, I don't understand. Could you explain it?

@C#Jaap
Hmm.. now I'm still use replacing string that can be trouble,
for example:
"http://" replaced with "http: //" << this works.
So, is there any solution to prevent forbidden page? :)

Neartoyou, I do not understand your "now I'm still use replacing string that can be trouble,".

Why? Can't you put it into a POST variable? Do you still get the message?

In that case, I think you can best encode your variable values. PHP has got a base64_decode function to return the input to normal. But you'll have to encode it in JavaScript (I assume) and for that you'll have to write a function that can encode your input or you copy it from available sources like: those on Stack Overflow. I should use (actually try) the one from PHP.js.
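
The POST-plus-base64 approach suggested in the replies above, as an added example that is not part of the original thread. The function names and the `text` field name are assumptions, and `fromBase64` stands in for PHP's base64_decode so the round trip can be checked offline.

```javascript
// Added example, not code from the thread. All function names are hypothetical.

// UTF-8 safe base64: btoa() alone throws on characters above U+00FF.
function toBase64(text) {
  const bytes = new TextEncoder().encode(text);
  let binary = "";
  for (const b of bytes) binary += String.fromCharCode(b);
  return btoa(binary);
}

// Inverse of toBase64, mirroring what base64_decode() returns on the PHP side.
function fromBase64(b64) {
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  return new TextDecoder().decode(bytes);
}

// Build an application/x-www-form-urlencoded body for the chat message.
// Base64 output may contain '+', '/' and '='. Form decoders read a bare '+'
// as a space, so the value must still go through encodeURIComponent.
function buildChatBody(text) {
  return "text=" + encodeURIComponent(toBase64(text));
}

// Decode a form body the way the receiving script would, for offline checking.
// The decoded text is still untrusted user input: escape it on output
// (htmlspecialchars in PHP) before showing it in the chat window.
function parseChatBody(body) {
  return fromBase64(new URLSearchParams(body).get("text"));
}

// Browser-side sender: the message travels in the POST body, not in the URL.
function sendChat(url, text, onDone) {
  const xhr = new XMLHttpRequest();
  xhr.open("POST", url, true);
  xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
  xhr.onload = () => onDone(xhr.status, xhr.responseText);
  xhr.send(buildChatBody(text));
}
```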

You CAN'T post or get to the chat service
it is locked down to secure it against malicious outside access

the .htaccess code sample is one method of preliminary lockdown, that always produces the response shown in the OP
you do not recognize the codescrap =>> there is only one method for you to follow to resolve your problem

re-read the setup configuration instructions and follow them, (boring, but usually works)

reiterated: slightly different words,
You cannot access the chat service by URL, get, or post, it is secured against access not initiated by processes on your server, Ajax runs ON your server

You have to test it via itself

@C#Jaap
Forgive me, I understand now. Now, I'm trying to use the POST method in AJAX. :D Isn't it?
Thank you :)

@almostbob

You cannot access the chat service by URL, get, or post, it is secured against access not initiated by processes on your server, Ajax runs ON your server

Is it to secure the file in the folder?

no

You CAN'T post or get to the chat service
it is locked down to secure it against malicious outside access

it is to secure the chat service against outside malicious people or bots inserting spam porn or other unwanted crap in your chat system.
If you can post to the chat by putting a url parameter value, so can everything else

read the fluffy manual and follow the instructions
