|
Home > Archive > Apache Server configuration support > November 2006 > apache post problem 403 forbidden on linux
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
apache post problem 403 forbidden on linux
|
|
| albertaceo 2006-11-07, 7:27 am |
| Hi,
i have a c# client that try to upload a file using the method
UploadFile of the WebClient. I receive a 403 error.
The same page php that i use work if the post is made from another php
page. The UploadFile methow works fine before september, but i think
that my hoster have chenged some configuration...
Help!
| |
| shimmyshack 2006-11-07, 7:27 am |
| UploadFile is not that great, if you have access to the c# source, try
modifying it to be a bit more compliant.
Check the headers it is sending by setting it to proxy through a work
station on your LAN, on which you run an http proxy like paros or
fiddlertool.
Do you use cookies. UploadFile isnt great with them
Has you host recently installed mod_security, if so what mimetype is
the upload form set to use?
sorry i cant be of more help, oh yeah and is the c# client set to use
HTTP/1.1?
| |
| albertaceo 2006-11-07, 1:20 pm |
|
shimmyshack ha scritto:
> UploadFile is not that great, if you have access to the c# source, try
> modifying it to be a bit more compliant.
> Check the headers it is sending by setting it to proxy through a work
> station on your LAN, on which you run an http proxy like paros or
> fiddlertool.
> Do you use cookies. UploadFile isnt great with them
> Has you host recently installed mod_security, if so what mimetype is
> the upload form set to use?
> sorry i cant be of more help, oh yeah and is the c# client set to use
> HTTP/1.1?
is set to use HTTP/1.0 and i use application/x-www-form-urlencoded,
i'll check for mod_security
| |
| albertaceo 2006-11-07, 1:20 pm |
|
[Tue Nov 07 17:35:33 2006] [error] [client 195.103.8.131] mod_security:
Access denied with code 403. Error processing request body: Multipart:
final boundary missing [hostname "www.---.com"] [uri
"/lagdetect_report_dgf.php"]
questo =E8 il messaggio di errore...
| |
|
|
|
| "albertaceo" <albertaceo@gmail.com> schreef in bericht
news:1162917796.077219.166140@e3g2000cwe.googlegroups.com...
> [Tue Nov 07 17:35:33 2006] [error] [client 195.103.8.131] mod_security:
> Access denied with code 403. Error processing request body:
> Multipart: final boundary missing [hostname "www.---.com"]
> [uri "/lagdetect_report_dgf.php"]
It appears to me this error is raised by mod_security because your request
is badly -or in an unusual way- formatted.
Just because the request does not look like those of commonly used browsers,
mod_security may block otherwise RFC compliant requests. Also, a slight
deviaton to the RFC may have been tolerated before, but now mod_security is
blocking the request.
The error referes to a multipart content. IIRC such content is inconsistent
with encoding type application/x-www-form-urlencoded you stated to be
using...
Use FireFox with LiveHTTPheaders to reverse engineer a widely accepted
implementaton and have your c# program do the upload the very same way.
HansH
| |
| shimmyshack 2006-11-07, 7:23 pm |
| set it to use HTTP/1.1 or add the host header manually
HTTP/1.0 doesnt send through the host header, so if you are using name
based virtual hosting (a shared server setup) then when the request is
sent to the IP address, the server doesnt know which host to send the
request on to.
mod_security is bans null hostnames be default, so you could try
changing this first.
# Require HTTP_USER_AGENT and HTTP_HOST headers
SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
# Require HTTP_USER_AGENT and HTTP_HOST headers
SecFilterSelective "HTTP_USER_AGENT" "^$"
Also as has been said, make sure your form is set to use the right
encoding. Or change this in mod_sec
# # clients supply "text/html" as Content-Type
SecFilterSelective REQUEST_METHOD "!^(GET|HEAD)$" chain
SecFilterSelective HTTP_Content-Type
"!(^$|^text/plain;|^application/x-www-form-urlencoded$|^multipart/form-data;)"
# # clients supply "text/html" as Content-Type
# SecFilterSelective REQUEST_METHOD "!^(GET|HEAD)$" chain
# SecFilterSelective HTTP_Content-Type
"!(^$|^text/plain;|^application/x-www-form-urlencoded$|^multipart/form-data;)"
mod_sec is great, but it WILL ban non-HTTP/1.1 requests.
mod_sec: no lazy-hackers:
"If you want to hack at apache you must at least follow the standards
as you do it"
make sure your c# client is compliant:
http://www.codeproject.com/csharp/UploadFileEx.asp
hope that helps:
m 
|
|
|
|
|