I get a 403 error when submitting "http://www." via GET. Even if it's encoded beforehand. Is there a solution for this?

Question

It seems like my shared host provider is detecting the presence of "http://www" or "http%3A%2F%2Fwww" in any get request and serving up a 403 page.

I also get an 'in addition' error...

"Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request."

This only happens with this string. If I change it to something else the get is successfully submitted and the target page successfully returned.

If it helps I'm writing a QR code getter, so the ability to submit urls is quite important.

Also, strangely I can submit a url as long as it doesn't have 'www' in it. I can also submit 'www' as long as it isn't preceded by 'http://' (or the encoded version)

edit: Just to confirm this wasn't a specific problem with the page I was writing, I went to another page on my website that uses get request and manually inserted the string. This also generates the 403 error.

Answer 1

Yes -- there are two solutions:

1. Request to remove this strange security feature for your account from your provider.
2. Don't send urls with http://www in them. For example replace this scting in javascript before sending data to some "%htpwwwashere:(%", that will be replaced by you back in PHP.