I have a form on a page that uses the CodeIgniter framework to upload user data to my online server. I can open the form page over HTTPS without problems, but when I try to submit the form with POST I get a 403 Forbidden: You don't have permission to access <url> on this server. error. What could the problem be?

.htaccess file:

```apache
RewriteEngine On
RewriteCond $1 !^(index\.php|resources|images|robots\.txt)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L,QSA]
```
My form attributes in the view. The $base_url variable is the base_url() configured in config.php:

```html
<form name="new_article_form" id="new_article_form" method="POST" action="<?php echo $base_url; ?>entries/insert_article" enctype="application/x-www-form-urlencoded">
...
</form>
```
Am I missing something?

Edit: the full form, as requested. It does not use the form_helper from CI for now; currently working on that:

```html
<form name="new_article_form" id="new_article_form" method="POST" action="<?php echo $base_url; ?>entries/insert_article" enctype="application/x-www-form-urlencoded">
    <p>Blog Name:</p>
    <select name="blog" id="blog" required>
    <?php
        echo $blogs; // pre-formatted <option> list from controller
    ?>
    </select>
    <p>Article Title:</p>
    <input type="text" name="title" id="title" required />
    <p>Article Author:</p>
    <input type="text" name="author" id="author" value="Own" required />
    <p>Authoring Date:</p>
    <input type="datetime-local" name="auth_date" id="auth_date" value="<?php echo date("d-m-Y"); ?>" required />
    <p>Article URL:</p>
    <input type="text" name="url" id="url" required />
    <p>Summary:</p>
    <textarea name="summary" id="summary" style="resize:none" class="text" rows="10" cols="40" required ></textarea>
    <br />
    <br />
    <button name="reset" id="reset" type="reset">Clear</button>
    <button name="submit" id="submit" type="submit">ADD</button>
</form>
```
Update:

I just rewrote the whole form using CI's form helper lib, but I still get the same error. The form request does not even reach the controller or the main index.php file; it is killed before that, since no POST data arrives at the main index.php in the framework root. So this may be a permissions problem or something else that happens earlier. Note: I am on a shared web hosting platform, in case anyone is wondering, and I am currently using a self-signed certificate for online SSL testing.

Update 2:

routes.php file:

```php
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
$route['default_controller'] = "main";
$route['404_override'] = '';
/* End of file routes.php */
/* Location: ./application/config/routes.php */
```
config.php:

```php
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
$config['base_url'] = 'https://<***full_url***>/';
$config['index_page'] = '';
$config['uri_protocol'] = 'AUTO';
$config['url_suffix'] = '';
$config['language'] = 'english';
$config['charset'] = 'UTF-8';
$config['enable_hooks'] = FALSE;
$config['subclass_prefix'] = 'BG_';
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-';
$config['allow_get_array'] = TRUE;
$config['enable_query_strings'] = FALSE;
$config['controller_trigger'] = 'c';
$config['function_trigger'] = 'm';
$config['directory_trigger'] = 'd'; // experimental not currently in use
$config['log_threshold'] = 2;
$config['log_path'] = '';
$config['log_date_format'] = 'Y-m-d H:i:s';
$config['cache_path'] = '';
$config['encryption_key'] = '';
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_use_database'] = FALSE;
$config['sess_table_name'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update'] = 300;
$config['cookie_prefix'] = "";
$config['cookie_domain'] = "";
$config['cookie_path'] = "/";
$config['cookie_secure'] = FALSE;
$config['global_xss_filtering'] = FALSE;
$config['csrf_protection'] = FALSE;
$config['csrf_token_name'] = '************';
$config['csrf_cookie_name'] = '*************';
$config['csrf_expire'] = 3600;
$config['compress_output'] = FALSE;
$config['time_reference'] = 'local';
$config['rewrite_short_tags'] = FALSE;
$config['proxy_ips'] = '';
/* End of file config.php */
/* Location: ./application/config/config.php */
```
Entries controller:

```php
<?php
if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class Entries extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->helper('url');
        $this->load->helper('form');
        $this->load->model("entries_model", "entries");
    }

    public function index($data = array())
    {
        // ... other code
        $form_attrs = array("name"=>"new_article_form", "id"=>"new_article_form", "enctype"=>"application/x-www-form-urlencoded");
        $form = form_open(base_url()."entries/insert_article", $form_attrs);
        // ... form entries
        $form .= form_close();
        $data["form"] = $form;
        $this->load->view('entries_view', $data); // the form is displayed on the view properly, no errors present, exactly as shown above
    }

    public function insert_article()
    {
        $blogID = $this->input->post("blog");
        $title = mb_convert_encoding($this->input->post("title"), "UTF-8");
        // ... other insert code
        $this->index($data);
    }

    public function blogs($result = "")
    {
        // ... blogs view function
        $this->load->view('blogs_view', $data);
    }
}
// ... other code
?>
```
Note: my conclusion is that the error happens on the server side, because POST requests from the mobile app that uses the site get through, but browser POST requests carrying form data specifically do not. GET requests are fine, though. The only visible error also shows up in the server error log, saying that the "404.html" page could not be found. Does anyone know what could be rejecting the connection on the server side?

Update:

HTTP headers:

```http
Host: <***site***>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://<***site***>/entries/blogs
Cookie: PHPSESSID=ba4ce8f6cf3ebd19a443763fa8a187c0
Connection: keep-alive
```
Answer 0 (score: 0)

Use the site_url helper in the form action, then check whether the controller is receiving the POST.

```html
<form name="new_article_form" id="new_article_form" method="POST" action="<?php echo site_url('entries/insert_article') ?>" enctype="application/x-www-form-urlencoded">
```

Also, don't forget to include the url helper.
Answer 1 (score: 0)

It turned out that the data submitted by the form was being detected as an XSS attack by the server's Mod Security firewall, which is why the request was rejected before CI was even loaded. It has now been disabled on my domain and submitting works fine. Hopefully there will be no more blocks from now on.
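Before disabling the firewall for a whole domain, the usual step for a block like the one in this answer is to read the ModSecurity entries in the Apache error log, find which rule fired on which argument and URI, and then tune or exempt only that rule for the affected endpoint. The Python below is an added example, not code from the original thread; the log lines, rule ids (999001/999002), hostnames and addresses are constructed placeholders written in the ModSecurity 2.x Apache error-log format.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Bracketed key/value tags ModSecurity 2.x appends to each error-log entry,
# e.g. [id "999001"] [msg "XSS Attack Detected"] [uri "/entries/insert_article"].
TAG_RE = re.compile(r'\[(id|msg|uri|hostname|severity|file|line) "([^"]*)"\]')
# Apache 2.4 writes "[client ip:port]"; Apache 2.2 wrote "[client ip]". Keep only the ip.
CLIENT_RE = re.compile(r"\[client ([^\]\s:]+)")
PHASE_RE = re.compile(r"\(phase (\d)\)")

@dataclass
class Denial:
    client: str
    rule_id: str
    msg: str
    uri: str
    phase: str

def parse_denial(line: str) -> Optional[Denial]:
    """Return a Denial for a ModSecurity 'Access denied' line; None for any other line."""
    if "ModSecurity: Access denied" not in line:
        return None
    tags = dict(TAG_RE.findall(line))
    client = CLIENT_RE.search(line)
    phase = PHASE_RE.search(line)
    return Denial(
        client=client.group(1) if client else "?",
        rule_id=tags.get("id", "?"),
        msg=tags.get("msg", ""),
        uri=tags.get("uri", "?"),
        phase=phase.group(1) if phase else "?",
    )

def denials_by_rule(lines: List[str]) -> Counter:
    """Count denials per (rule_id, uri): the noisiest rule on a given endpoint is the tuning candidate."""
    counts: Counter = Counter()
    for line in lines:
        d = parse_denial(line)
        if d is not None:
            counts[(d.rule_id, d.uri)] += 1
    return counts

# Constructed sample log lines (placeholders, not from the original post). The third line mimics
# the unrelated "404.html" error the question mentions and must be ignored by the parser.
SAMPLE_LOG = [
    '[Tue Sep 01 10:15:22.123456 2015] [:error] [pid 4242] [client 203.0.113.5:51822] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)<script" at ARGS:summary. [file "/etc/modsecurity/example.conf"] [line "12"] [id "999001"] [msg "XSS Attack Detected"] [severity "CRITICAL"] [hostname "example.com"] [uri "/entries/insert_article"] [unique_id "placeholder"]',
    '[Tue Sep 01 10:16:03.000000 2015] [:error] [pid 4242] [client 203.0.113.5:51823] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)<script" at ARGS:summary. [file "/etc/modsecurity/example.conf"] [line "12"] [id "999001"] [msg "XSS Attack Detected"] [severity "CRITICAL"] [hostname "example.com"] [uri "/entries/insert_article"] [unique_id "placeholder"]',
    '[Tue Sep 01 10:16:10.000000 2015] [:error] [pid 4243] [client 203.0.113.5:51824] File does not exist: /var/www/404.html',
    '[Tue Sep 01 10:17:45.000000 2015] [:error] [pid 4244] [client 198.51.100.9:40001] ModSecurity: Access denied with code 403 (phase 2). Pattern match "union select" at ARGS:url. [file "/etc/modsecurity/example.conf"] [line "30"] [id "999002"] [msg "SQL Injection Attempt"] [severity "CRITICAL"] [hostname "example.com"] [uri "/entries/insert_article"] [unique_id "placeholder"]',
]

if __name__ == "__main__":
    for (rule_id, uri), n in denials_by_rule(SAMPLE_LOG).most_common():
        print(f"rule {rule_id} blocked {uri} {n} time(s)")
```

With the rule id and argument identified, a per-URI exclusion (or an update to the rule's pattern) keeps the rest of the firewall in place while the blog form works again.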