Re: [Dave] All CMS Builder Links suddenly return Error 403 - Forbidden
For anyone else who has this issue, here's a quick overview.
There was a security flaw found in the way some web hosting servers implemented PHP in May 2012 which allow malicious users to pass commands to PHP. You can check if your host is affected by adding ?-s to the end of any PHP page, eg: index.php?-s If you see your source code, you are vulnerable. If your site renders normally, you are not.
If you get a 403 Forbidden error, though, it means your host has implemented a temporary workaround that prevents the attack, but also blocks some valid safe URLs like CMSB uses. This is referenced on PHP.net here (
http://www.php.net/archive/2012.php#id2012-05-06-1) where they provide the workaround say the following:
"Note that this will block otherwise safe requests like ?top-40 so if you have query parameters that look like that, adjust your regex accordingly."Of course, unless you control your web hosting server you can't modify the workaround patch they're using, and we've run into a few hosts who are unwilling or unable to actually patch PHP and have servers that won't accept these otherwise valid URLs.
So for those cases, I've attached a small plugin that adds ?p= to the beginning of the automatically generated urls, so instead of: http://www.example.com/news-item.php?Headline-goes-here-123
You get: http://www.example.com/news-item.php?
p=Headline-goes-here-123
It's always better to have your host actually fix the underlying issues, but if that's not possible then this plugin is a workaround for their workaround. :)
Hope that helps!
Dave Edis - Senior Developer
interactivetools.com