PLEASE NOTE: These forums are no longer utilized and are provided as an archive for informational purposes only. All support issues will be handled via email using our support ticket system. For more detailed information on this change, please see this blog post.

"403 Permission Denied" When submitting website link

  1. jgadsby
    Member

    Hi there,

    I've recently installed Gravity Forms and am setting up my first form. One of the fields is a custom post field called 'Website'. On the front-end, when I go to submit a website using this field, I get instantly directed to a 403 Permission Denied page with:

    Forbidden
    
    You don't have permission to access /add/ on this server.

    (/add/ being the page where the form is)

    I've narrowed down the problem to being the '/' character in the field (e.g. http://). How can I get around this?

    Posted 7 years ago on Tuesday January 22, 2013 | Permalink
  2. Can you share a link to the page on your site where the form is embedded?

    This 403 error is likely coming from some configuration on your server. Can you check the error logs to see what was logged when the 403 code was returned?

    Posted 7 years ago on Tuesday January 22, 2013 | Permalink
  3. jgadsby
    Member

    Here's what the domain log reveals:

    ModSecurity: [file "/etc/httpd/modsecurity.d/10_asl_rules.conf"] [line "482"] [id "340162"] [rev "228"] [msg "Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)"] [data "http:/"] [severity "CRITICAL"] Access denied with code 403 (phase 2). Match of "beginsWith http:/%{SERVER_NAME}/" against "MATCHED_VAR" required.

    Posted 7 years ago on Tuesday January 22, 2013 | Permalink
  4. jgadsby
    Member

    I should note that "User Submitted Posts" (the WP Plugin) allows people to enter web addresses (and works on my configuration) so I'm kind of scratching my head a little. Perhaps there's another method/custom bit of code that would allow the field to upload web addresses properly.

    Posted 7 years ago on Tuesday January 22, 2013 | Permalink
  5. The issue is mod_security. Please contact your host to see about relaxing the rules to allow this normal submission through.

    Posted 7 years ago on Tuesday January 29, 2013 | Permalink