SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    Barefoot on the Moon! silver trophy Force Flow's Avatar
    Join Date
    Jul 2003
    Location
    Northeastern USA
    Posts
    4,615
    Mentioned
    56 Post(s)
    Tagged
    1 Thread(s)

    403 error in chrome with empty search string

    I stumbled across something rather odd. In chrome, if I use a search field and click the "Search" button without any search terms and the search string ends up being empty, chrome throws a 403 error. In firefox, this doesn't happen and the "no results found" page appears normally.

    Here's the relevant apache access logs:
    Code:
    127.0.0.1 - - [23/Oct/2012:09:26:34 -0400] "GET /?s= HTTP/1.1" 200 36578 "http://test.mydomain.org/" "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0.1"
    127.0.0.1 - - [23/Oct/2012:09:26:57 -0400] "GET /?s= HTTP/1.1" 403 376 "http://test.mydomain.org/" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4"
    127.0.0.1 - - [23/Oct/2012:09:35:11 -0400] "GET /?s= HTTP/1.1" 403 376 "http://test.mydomain.org/" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4"
    The first entry is firefox. The following two are Chrome.

    Any ideas?
    Visit The Blog | Follow On Twitter
    301tool 1.1.5 - URL redirector & shortener (PHP/MySQL)
    Can be hosted on and utilize your own domain

  2. #2
    SitePoint Evangelist
    Join Date
    Jun 2007
    Location
    North Yorkshire, UK
    Posts
    483
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Can you confirm that if your supply a search value it works for both browsers.

    You are using a GET. A form would normally be transmitted as a POST.

  3. #3
    Barefoot on the Moon! silver trophy Force Flow's Avatar
    Join Date
    Jul 2003
    Location
    Northeastern USA
    Posts
    4,615
    Mentioned
    56 Post(s)
    Tagged
    1 Thread(s)
    If I supply search terms, everything works fine in both browsers.

    Normally, yes, most forms are POST. But in wordpress, the search form is typically GET in order to use pagination links.

    [edit]: IE9 behaves in the same manner as chrome.
    Last edited by Force Flow; Oct 23, 2012 at 10:23.
    Visit The Blog | Follow On Twitter
    301tool 1.1.5 - URL redirector & shortener (PHP/MySQL)
    Can be hosted on and utilize your own domain

  4. #4
    SitePoint Evangelist
    Join Date
    Jun 2007
    Location
    North Yorkshire, UK
    Posts
    483
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Is it possible to see the page causing the problem on the web?

    I would have though that there must be a difference between the two requests. It is very unlikely that the server side code would have a browser dependency in it.

  5. #5
    Barefoot on the Moon! silver trophy Force Flow's Avatar
    Join Date
    Jul 2003
    Location
    Northeastern USA
    Posts
    4,615
    Mentioned
    56 Post(s)
    Tagged
    1 Thread(s)
    I did some more troubleshooting, and found the source of the problem. It was an entry in the htaccess file generated by the Better WP Security plugin, which is intended to prevent various known hacking attempts.

    This is the line in question:

    Code:
    RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>||"|;|\?|\*|=$).* [NC,OR]
    I revised it so that empty query variables were permitted:

    Code:
    RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>||"|;|\?|\*$).* [NC,OR]

    I also posted about it in the plugin's discussion forum:
    http://wordpress.org/support/topic/g...ses-403-errors

    Visit The Blog | Follow On Twitter
    301tool 1.1.5 - URL redirector & shortener (PHP/MySQL)
    Can be hosted on and utilize your own domain


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •