Author Topic: modsecurity http:/ redirection problem  (Read 8121 times)

0 Members and 1 Guest are viewing this topic.

Offline Hector Rasmunsen

  • Newbie
  • *
  • Posts: 1
    • View Profile
modsecurity http:/ redirection problem
« on: May 21, 2012, 11:35:29 AM »
Hi there,

I have a problem with out.php url containing "http:/" anywhere in the middle of it. modsecurity is blocking those kind of urls by redirecting to 403, then 404 page. This is some kind of code injection protection.

http://www.mysite.com/tp/out.php?link=click&url=http%3A//www.somesite.com%3D - this kind of url is not working with the modsecurity enabled.

Since disabling modsecurity is not an option on my host, is there any way to change redirection url to //www.somesite.com%3D and edit the out.php script?

http://www.mysite.com/tp/out.php?link=click&url=www.somesite.com%3D
http://www.mysite.com/tp/out.php?link=click&url=//www.somesite.com%3D - this kind of redirection will work.

Since there's a problem with modsecurity, which is an Apache module, php could use http:/ in the redirection script (not allowed to visitors in the browser url only), so I guess it's possible to write some kind of php "wrapper" which will include out.php with the correct settings, so the user could easily use outwrapper.php instead of out.php for redirection url, all depending on their host settings.

This is one of the possible workaround.

Since I had in mind to install your script on like dozen of domains, I will probably buy the license for all of them soon. Is it possible to contact you and discuss about potential solution?

Thanks!

Offline ip0li

  • mgSearkGD
  • Administrator
  • Hero Member
  • *****
  • Posts: 1963
    • View Profile
    • Pretty Girls from your city for night
Re: modsecurity http:/ redirection problem
« Reply #1 on: May 21, 2012, 02:00:40 PM »
http://www.yoursite.com/tp/out.php?p=100&link=click&url=//www.google.com

urls like this WILL WORK, since // means keep same protocol!

Let me know if it works, since it does for me!