jgadsby
Member
Hi there,
I've recently installed Gravity Forms and am setting up my first form. One of the fields is a custom post field called 'Website'. On the front-end, when I go to submit a website using this field, I get instantly directed to a 403 Permission Denied page with:
Forbidden
You don't have permission to access /add/ on this server.(/add/ being the page where the form is)
I've narrowed down the problem to being the '/' character in the field (e.g. http://). How can I get around this?
Can you share a link to the page on your site where the form is embedded?
This 403 error is likely coming from some configuration on your server. Can you check the error logs to see what was logged when the 403 code was returned?
jgadsby
Member
Here's what the domain log reveals:
ModSecurity: [file "/etc/httpd/modsecurity.d/10_asl_rules.conf"] [line "482"] [id "340162"] [rev "228"] [msg "Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)"] [data "http:/"] [severity "CRITICAL"] Access denied with code 403 (phase 2). Match of "beginsWith http:/%{SERVER_NAME}/" against "MATCHED_VAR" required.
jgadsby
Member
I should note that "User Submitted Posts" (the WP Plugin) allows people to enter web addresses (and works on my configuration) so I'm kind of scratching my head a little. Perhaps there's another method/custom bit of code that would allow the field to upload web addresses properly.
The issue is mod_security. Please contact your host to see about relaxing the rules to allow this normal submission through.
