(SOLUTION!) – Read the whole string at the IIS forums here:
https://forums.iis.net/p/1174369/1967089.aspx#1967089
The issue was the ISAPI Rewrite Manager on our server. It had several query strings, including “select” and “sql”, setup to be filtered for incoming calls to our sites. It receives the website call BEFORE it goes to IIS so any changes I had been doing for IIS had no effect. The pages giving me a forbidden message had these words in the url.
We removed the entries for these strings:
RewriteCond %{QUERY_STRING} select [NC]
RewriteRule (?!403\.html).*$ – [F]
RewriteCond %{QUERY_STRING} select%20 [NC]
RewriteRule (?!403\.html).*$ – [F]
RewriteCond %{QUERY_STRING} sql [NC]
RewriteRule (?!403\.html).*$ – [F]
and then used the request filtering, which does the same thing within IIS, to block those strings for the whole server. Then we removed those denied strings just from php sites. We now have full access and functionality of both wordpress and phpmyadmin!
