I have been having a unique issue where whenever I POST a URL ending in a ?, the page will return a 403 error.
Here is my example code:
page.php:
<?php
print_r($_POST);
?>
POST to page.php:
https://google.com/?ref=123 returns 200 Array([url] => https://google.com/?ref=123)
https://google.com/?ref=123? returns 403
http ? abc returns 200 Array([url] => http ? abc)
http ? returns 403
abcd ? returns 200 Array([url] => abcd ?)
Why is it that if my URL contains http and ends in a question mark, it will throw a 403 error?
I am running CentOS Linux V7, PHP v7.2.10, and Apache V2.4.6
Figured out my problem:
In /usr/local/apache/domlogs/example.com.error.log there were lines that said:
[Mon May 22 17:42:53.522519 2023] [:error] [pid 886:tid 140380883953###] [client IP:15555] [client IP] ModSecurity: Access denied with code 403 (phase 2). Match of "endsWith /modules/paypal/express_checkout/payment.php" against "REQUEST_FILENAME" required. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "29"] [id "211120"] [rev "12"] [msg "COMODO WAF: Remote File Inclusion Attack||example.com|F|2"] [data "Matched Data: https? found within REQUEST_FILENAME: /path/to/file.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "example.com"] [uri "/path/to/file.php"] [unique_id "ZGvh3ZWCyBfOi8SV7cODxwAAAAI"], referer: https://example.com/path/to/file.php
In /usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf I commented out the matching line.
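
Added example, not part of the original post: a small Python parser that pulls the rule id, rule file, line number and URI out of ModSecurity "Access denied" entries like the one quoted above, so the rule behind a 403 can be identified and counted per URI. The sample lines are constructed (shortened from that entry) and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample lines, shortened from the log entry quoted above.
SAMPLE_LOG = [
    '[Mon May 22 17:42:53.522519 2023] [:error] [pid 886] [client IP:15555] '
    'ModSecurity: Access denied with code 403 (phase 2). '
    '[file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] '
    '[line "29"] [id "211120"] [msg "COMODO WAF: Remote File Inclusion Attack"] '
    '[severity "CRITICAL"] [hostname "example.com"] [uri "/path/to/file.php"]',
    '[Mon May 22 17:43:10.000000 2023] [:error] [pid 886] [client IP:15556] '
    'File does not exist: /home/example/public_html/favicon.ico',
]

DENY = re.compile(r'ModSecurity: Access denied with code (\d{3}) \(phase (\d)\)')
# Metadata fields look like [name "value"]; values may contain escaped quotes.
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

def parse_denial(line):
    """Return a dict of fields for a ModSecurity denial, or None for other lines."""
    m = DENY.search(line)
    if not m:
        return None
    rec = {"status": int(m.group(1)), "phase": int(m.group(2)), "tag": []}
    for key, value in FIELD.findall(line[m.end():]):
        if key == "tag":
            rec["tag"].append(value)   # tags repeat, so collect them all
        else:
            rec.setdefault(key, value)  # keep the first occurrence of a field
    return rec

def summarize(lines):
    """Count denials per (rule id, rule file, rule line, request URI)."""
    counts = Counter()
    for line in lines:
        rec = parse_denial(line)
        if rec:
            key = (rec.get("id"), rec.get("file"), rec.get("line"), rec.get("uri"))
            counts[key] += 1
    return counts

if __name__ == "__main__":
    for (rid, path, lineno, uri), n in summarize(SAMPLE_LOG).most_common():
        print(f"rule {rid} at {path}:{lineno} blocked {uri} x{n}")
```

The id it reports is what a scoped exclusion such as ModSecurity's `SecRuleRemoveById` directive takes, which keeps the change outside the vendor rule file.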