I have a simple custom MVC app using $_GET to parse a url, and i've got it working on my dev server as well as a few different webhosts using php 7.1... but I'm trying to use x10hosting's free lamp hosting and the data being passed from $_GET is coming through as 403...
I've proved that it works on other servers as well as my own dev server with this
echo '<pre>', $route->path, $_GET['url'], '</pre>';
when going to the url http://app/admin... this line in my loop gives me what should be expected...
/admin
adminadmin
but on x10's server i get this
/403.shtml
admin403.shtml
I have tried encoding to base64 with urlencode($_GET) as well as disabling mod_sec in the .htaccess with
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
neither solution worked... I'm almost certain it's a server config issue but access is pretty much limited to .htaccess and php.ini .... I haven't touched php or apache in a while and am a little lost... any help would be greatly appreciated
This does sound like a mod_security type issue. And, as you have found, you are unable to disable mod_security on the free hosting platform.
I have encountered mod_sec rules on a number of shared hosts that simply block the request based on certain parameter names (supposedly blocking common XSS attempts). url is a common one. site is another. Simply changing the parameter name might be all that's required.
"Free" hosting accounts are always going to have some restrictions. If this is the only thing that holds you back then you are lucky.