Nehal

Reputation: 1022

"wGeT" keyword in $_POST

I am developing a small application where an admin can insert bulk discount voucher codes in the back-end. In the front-end, site visitors can get those codes, one by one. To insert voucher codes in the backend, I am providing the admin a Textarea where he can insert them all at once. Everything was working fine, until I got a unique voucher code "XXXXXX-XXX-XXX-wGeT".

I have a simple HTML form, which is submitted using the POST method. On submitting this voucher code, the browser sends me a "501-Method not implemented" error in the response. The problem is with the "wGeT" keyword in the code. I know wget is a Linux command, but here I am sending it as text in POST. The server just sends me a 501 error. I googled a lot, but didn't have any luck. How do I escape this "wGeT" keyword before form submission?

edit:

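<?php
// Dump the submitted fields for debugging; escape the dump so that
// submitted text cannot inject markup into the page.
if ($_REQUEST) {
    echo '<pre>';
    echo htmlspecialchars(print_r($_REQUEST, true), ENT_QUOTES, 'UTF-8');
    echo '</pre>';
}
?>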
<html>
    <head>
        <title>Wget Demo</title>
    </head>
    <body>
        <form name="frmCodes" method="POST">
            <textarea name="voucher_codes"></textarea>
            <input type="submit" name="btnSubmit"/>
        </form>
    </body>
</html>

Upvotes: 0

Views: 308

Answers (1)

Harald Brinkhof

Reputation: 4455

I think mario's comment is right; it's probably mod_security.

The default behaviour will be scanning POST data (see /etc/httpd/conf/modsecurity.conf):

SecFilterScanPOST On

with wget blocked

# WEB-ATTACKS wget command attempt
SecFilter "wget\x20"

Comment out this SecFilter by preceding it with # (or set SecFilterScanPOST to Off) and restart Apache to see if it solves it.

Or use a .htaccess file in the corresponding directory containing:

<IfModule mod_security.c>
# Turn the filtering engine On or Off or DynamicOnly for cgi/php/etc
SecFilterEngine On

# Should mod_security inspect POST payloads
SecFilterScanPOST Off

# this rule allows wget but logs it so you can verify it if necessary
SecFilter "wget\x20" "log,pass"
</IfModule>

I put both options in so you can play with it somewhat. It's probably possible to be more site-specific, but you'll need to read up a bit on mod_security rules.

Slight edit: added a rule to .htaccess that allows wget but logs it; this would allow you to set SecFilterScanPOST to On.

Upvotes: 6
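
To see which pasted codes the rule quoted in the answer would flag, this added example (not part of the original question or answer, and not mod_security's own code) models that one rule in Python against the form body a browser would send. Assumptions: the filter matches case-insensitively, the helper names are hypothetical, and the voucher strings are constructed placeholders; a deployed ruleset may contain other patterns this does not model.

```python
import re
from urllib.parse import urlencode, parse_qsl

# Pattern copied from the SecFilter line quoted in the answer: "wget" + one space.
# Assumption: matching is case-insensitive, which is why "wGeT" can trip it.
RULE = re.compile(r"wget\x20", re.IGNORECASE)


def encode_form(voucher_text):
    """Build the application/x-www-form-urlencoded body a browser would POST."""
    # Browsers normalise textarea line breaks to CRLF before encoding.
    normalised = "\r\n".join(voucher_text.splitlines())
    return urlencode({"voucher_codes": normalised, "btnSubmit": "Submit"})


def scan_post(body):
    """Return (field, matched_text) pairs the rule flags after URL-decoding."""
    hits = []
    for field, value in parse_qsl(body, keep_blank_values=True):
        for m in RULE.finditer(value):
            hits.append((field, m.group(0)))
    return hits


def risky_codes(voucher_text):
    """List the individual codes that would trigger the rule when pasted in
    bulk, so an admin page can warn before the request is sent."""
    # With a capturing group, re.split alternates: code, separator, code, ...
    tokens = re.split(r"(\s+)", voucher_text.strip())
    flagged = []
    for i in range(0, len(tokens), 2):
        sep = tokens[i + 1] if i + 1 < len(tokens) else ""
        if RULE.search(tokens[i] + sep[:1]):
            flagged.append(tokens[i])
    return flagged


# Constructed sample input (placeholder codes, not real vouchers).
SPACE_SEPARATED = "AAAAAA-AAA-AAA-wGeT BBBBBB-BBB-BBB-zzzz"
LINE_SEPARATED = "AAAAAA-AAA-AAA-wGeT\nBBBBBB-BBB-BBB-zzzz"

if __name__ == "__main__":
    for label, text in (("spaces", SPACE_SEPARATED), ("newlines", LINE_SEPARATED)):
        body = encode_form(text)
        print(label, body, scan_post(body), risky_codes(text))
```

The space-separated sample is flagged because the browser encodes the space as `+`, which decodes back to the space the pattern requires; the line-separated sample is followed by CRLF and does not match this particular rule.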
