403 as result for form action

  • Resolved LeonN1960

    (@leonn1960)


    3 years, 4 months ago

    Hi,
    On a specific page we have added code that gives the possibility to choose options for a search. These options are packed in an html-form. The link in the ‘action’ parameter points to a location (https://thedomain.com/wp-content/themes/divi-child/build-search.php). And yes, this php file exists at that location and worked fine until we activated the SG Security plugin. When we protect the system folders a 403 shows up, no matter the conent of this php-file.

    I tried to change the solution by moving the php-file to the public_html folder; that works fine but it does not feel okay. So now my question is, how to solve this?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter LeonN1960

    (@leonn1960)

    I prepared a copy on another website, which gives the same result.
    https://www.sportscarsofengland.nl/en/widget-search-hippevegetarier/
    Currently system file protection is switched off on this website.

    So please, could someone give more clearity on this subject.

    Plugin Author Elena Chavdarova

    (@elenachavdarova)

    Hello @leonn1960,

    The reason why the link is not working is that you are loading it via URL and not using relative path to the file in your code.

    The protection is preventing any unauthorised requests to URLs under wp-content directory. You can keep it disabled to have the function working as it is now.

    Alternatively, you can edit the way the file is being requested in order to fix this. Or you can add an .htaccess file rules in your wp-content folder:

    <FilesMatch "build-search\.php">
	<IfModule !mod_authz_core.c>
		Allow from all
	</IfModule>
	<IfModule mod_authz_core.c>
		Require all granted
	</IfModule>
</FilesMatch>

    Best Regards,

    Elena

    Thread Starter LeonN1960

    (@leonn1960)

    Hi Elena,

    I tried at first to only change the absolute path to only the relative path, but that was not enough (same error 403). But when I added the code to the .htaccess file in the wp-content folder it worked fine.
    First try when I added this additional code at the beginning of the .htaccess it still gave the error, but when I shifted the code to the end of the file it was perfect.

    Assumably this will be a feature in the plugin on short notice?

    Thanks for support!

    Plugin Author Elena Chavdarova

    (@elenachavdarova)

    When the SiteGround Security “Lock and Protect System Folders” option is enabled it denies unauthorised direct access to any php file under wp-content directory. With the applied rules you have excluded the build-search.php file from the protection.

    Following the best practices you can avoid calling the location via URL. You can include the file where it is defined in your code instead.

    We are planing on implementing files exclude as an option. Still, I can not provide ETA when it will be done.

    Best Regards,
    Elena

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘403 as result for form action’ is closed to new replies.