Before ok but today Error 403 with friendly url

  • soloarquitectura
    Member
    • Jun 2006
    • 42

    #16
    Originally posted by fatdogmandoza
    Does anyone know why "forumdisplay.php?4" would work and "forumdisplay.php?4-Classifieds" comes up with 403 error?
    This is true.

    showthread.php/98092-Bla-bla-bla works fine.
    showthread.php?98092 works fine.
    showthread.php?98092-Bla-bla-bla doesn't work.

    The combination of ? and - doesn't work.

    We have tried to redirect the basic friendly URLs to advanced in .htaccess without success so far (Error 403).

    Comment

    • soloarquitectura
      Member
      • Jun 2006
      • 42

      #17
      Almost certainly the source of the issue:


      Translated from Spanish:
      Basically, the vulnerability is that in this type of installation (CGI only; FastCGI or DSO are not affected), if the request

      Comment

      • soloarquitectura
        Member
        • Jun 2006
        • 42

        #18


        PHP 5.3.12/5.4.2 do not fix all variations of the CGI issues described in CVE-2012-1823. It has also come to our attention that some sites use an insecure cgiwrapper script to run PHP. These scripts will use $* instead of "$@" to pass parameters to php-cgi which causes a number of issues. Again, people using mod_php or php-fpm are not affected.
        One way to address these CGI issues is to reject the request if the query string contains a '-' and no '='. It can be done using Apache's mod_rewrite like this:

        RewriteCond %{QUERY_STRING} ^[^=]*$
        RewriteCond %{QUERY_STRING} %2d|\- [NC]
        RewriteRule .? - [F,L]

        Note that this will block otherwise safe requests like ?top-40 so if you have query parameters that look like that, adjust your regex accordingly.

        Comment
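The rule set quoted in post #18, modelled in Python against the URLs reported in this thread (an added example, not part of any post or of the PHP advisory; the function names and the sample list are constructed here). It shows why `?4` and the `/`-style URLs pass while `?4-Classifieds` is answered with 403.

```python
import re
from urllib.parse import urlsplit

# The two RewriteCond patterns from the quoted advisory.
NO_EQUALS = re.compile(r"^[^=]*$")               # query string has no '='
HAS_DASH = re.compile(r"%2d|\-", re.IGNORECASE)  # [NC] means case-insensitive


def is_forbidden(url):
    """Return True when the rule set would answer 403 (the [F] flag).

    mod_rewrite tests %{QUERY_STRING} in its raw, still percent-encoded
    form, so the query is not decoded here either.
    """
    query = urlsplit(url).query
    return bool(NO_EQUALS.search(query) and HAS_DASH.search(query))


def classify(urls):
    """Map each URL to '403' or 'pass' under the quoted rules."""
    return {u: "403" if is_forbidden(u) else "pass" for u in urls}


# Constructed sample list: URLs from this thread plus the advisory's
# own false-positive example and two variants for comparison.
SAMPLES = [
    "forumdisplay.php?4",                 # no '-': pass
    "forumdisplay.php?4-Classifieds",     # '-' and no '=': 403
    "showthread.php/98092-Bla-bla-bla",   # '-' is in the path, query is empty
    "showthread.php?98092",
    "showthread.php?98092-Bla-bla-bla",
    "index.php?top-40",                   # advisory's "otherwise safe" case
    "index.php?chart=top-40",             # has '=', first condition fails
    "index.php?a%2Db",                    # encoded '-', caught because of [NC]
]

if __name__ == "__main__":
    for url, verdict in classify(SAMPLES).items():
        print(f"{verdict:4}  {url}")
```
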

        • Wayne Luke
          vBulletin Technical Support Lead
          • Aug 2000
          • 73981

          #19
          PHP has released further updates for that issue. If your host is still using CGI, then you should petition them to upgrade to FastCGI.

          Translations provided by Google.

          Wayne Luke
          The Rabid Badger - a vBulletin Cloud demonstration site.
          vBulletin 5 API

          Comment

          • Craig Reade
            Member
            • May 2005
            • 95
            • 3.0.7

            #20
            You need to get a hold of 1&1 again - talk to their dedicated support line. I wouldn't trust it to just email. My issue is now fixed - this is the last communication I had with them.


            Thank you for contacting us. We have fixed the issue with your server as one of our updates to ensure the security of your server from php hacking attempts. The change was made in /kunden/etc/apache-perf/access.conf. If you have any further questions please do not hesitate to contact us. -- Sincerely, James Preston Dedicated Server Support 1&1 Internet Inc.
            They definitely made a change, and it didn't work correctly.

            Comment

            • soloarquitectura
              Member
              • Jun 2006
              • 42

              #21
              Originally posted by Wayne Luke
              PHP has released further updates for that issue. If your host is still using CGI, then you should petition them to upgrade to FastCGI
              Adding AddType x-mapp-php6 .php to .htaccess we have PHP 5.4.3 (cgi-fcgi).

              But the issue remains, the 1&1 managed server is misconfigured.

              Comment

              • soloarquitectura
                Member
                • Jun 2006
                • 42

                #22
                Originally posted by Craig Reade
                My issue is now fixed
                You are lucky, congratulations

                Comment

                • Craig Reade
                  Member
                  • May 2005
                  • 95
                  • 3.0.7

                  #23
                  A little luck, yeah. Some practice though - I've used them for so many years, I've learned that their regular tech support line and support via email is pretty well useless :LOL:

                  Comment

                  • luichi
                    Member
                    • Oct 2007
                    • 35

                    #24
                    To solve my problem I just need to add a rule in my .htaccess to force transforming http://xxxxx.com/showthread.php? into http://xxxxx.com/showthread.php/

                    Is it possible? It would help me a lot, but I don't really know how to do it; maybe with mod_rewrite, but I don't know how to build a rule to do that.

                    Something like:
                    RewriteRule ^showthread.php? ^showthread.php/

                    If someone who knows how to do this rule properly can tell me how to do the rule, it will be very much appreciated
                    Last edited by luichi; Thu 10 May '12, 5:14pm.

                    Comment

                    • soloarquitectura
                      Member
                      • Jun 2006
                      • 42

                      #25
                      Issue fixed in my sites by the 1&1 staff. Thanks!

                      Comment

                      • luichi
                        Member
                        • Oct 2007
                        • 35

                        #26
                        Originally posted by soloarquitectura
                        Issue fixed in my sites by the 1&1 staff. Thanks!
                        What did you tell them so that they knew how to fix the problem successfully?

                        Thanks
                        Last edited by luichi; Fri 11 May '12, 2:42am.

                        Comment

                        • soloarquitectura
                          Member
                          • Jun 2006
                          • 42

                          #27
                          Originally posted by luichi
                          What did you tell them so that they knew how to fix the problem successfully?
                          This thread!

                          Comment

                          • luichi
                            Member
                            • Oct 2007
                            • 35

                            #28
                            Nice, it works properly again. Thanks to all for the help

                            Comment
