Why am I getting a 403 error on a POST to a PHP script?
- by John Gallagher
Background
I want to allow my users to submit a crash report which will get emailed to me.
I'm using UKCrashReporter with the bundled PHP script I've modified. This code does a POST to a specified URL along with the crash report.
I'm on a shared server running Linux. My main domain is synapticmishap.co.uk.
The Problem
When I send the crash report off, on
the Cocoa side, it reports as having
sent it successfully, but I don't
receive an email.
The code has been used in lots of
other well established Cocoa projects
and it was working for me a few
months ago.
That leads me to conclude that the
problems are related to my web server
setup, something I know almost
nothing about.
When I look at my log files, I see
entries like this:
IP Redacted - - [10/Jun/2010:09:47:53 +0100] "POST /synapticmishap/crashreportform.php HTTP/1.1" 403 74 "-" "UKCrashReporter"
What I've tried
I've tried accessing the page at http://synapticmishap.co.uk/synapticmishap/crashreportform.php via a browser. It loads fine.
I've made sure the permissions on this php script are set so anyone can execute it.
I've tried removing the deny entries from the section of .htaccess at various levels starting with root.
I've downloaded the URLParams plugin for Firefox which allows you to simulate POSTs. I put in the URL above and tried a post with "crashlog" as the parameter and "test" as the value. This generated a 200 log entry in my log file - it seemed to work, although no mail message was sent.
Code
I've got the following at http://synapticmishap.co.uk/synapticmishap/crashreportform.php. I've simplified it to just the bare bones in an effort to get it working.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Crash Report</title>
</head>
<body>
<p>This page contains super special magic which submits a crash report item to me.</p>
<p>Nothing to see here - move along.</p>
<?php
mail( "[email protected].uk", "Crash Report", "\r\n\r\nThis is a test.");
?>
</body>
</html>
This is my top level .htaccess file:
RewriteEngine on
# -FrontPage-
IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*
<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
Options All -Indexes
RewriteCond %{HTTP_HOST} ^synapticmishap.co.uk$ [OR]
RewriteCond %{HTTP_HOST} ^www.synapticmishap.co.uk$
RewriteCond %{HTTP_HOST} ^lapsusapp.co.uk$ [OR]
RewriteCond %{HTTP_HOST} ^www.lapsusapp.co.uk$
RewriteRule ^/?$ "http\:\/\/synapticmishap\.co\.uk\/synapticmishap\/lapsuspromo\/" [R=301,L]
RewriteCond %{HTTP_HOST} ^jgtutoring.co.uk$ [OR]
RewriteCond %{HTTP_HOST} ^www.jgtutoring.co.uk$
RewriteRule ^/?$ "http\:\/\/synapticmishap\.co\.uk\/tutoring" [R=301,L]
RewriteCond %{HTTP_HOST} ^synapticmishap.co.uk$ [OR]
RewriteCond %{HTTP_HOST} ^www.synapticmishap.co.uk$
RewriteRule ^/?$ "http\:\/\/synapticmishap\.co\.uk\/synapticmishap" [R=301,L]
RewriteCond %{HTTP_HOST} ^jgediting.co.uk$ [OR]
RewriteCond %{HTTP_HOST} ^www.jgediting.co.uk$
RewriteRule ^/?$ "http\:\/\/synapticmishap\.co\.uk\/editing" [R=301,L]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://synapticmishap.co.uk/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://synapticmishap.co.uk$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.synapticmishap.co.uk/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.synapticmishap.co.uk$ [NC]
RewriteCond %{HTTP_REFERER} !^http://synapticmishap.co.uk/synapticmishap/crashreportform.php/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://synapticmishap.co.uk/synapticmishap/crashreportform.php$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]
Help!
I'm at the end of my tether with this and I'm in a very unfamiliar space with all this web stuff. I'd be most appreciative of any thoughts people had on why this isn't working. Thanks.