Forum Topic: 403 mystery to me

Forum: .htaccess Forum : Security • Posted by Jeroen • Updated:

I have added the 5G to another website and I noticed that when I am logged in I can see the website but non-logged in users get a 403.

When I remove this line from the 5G, it's fixed.

RedirectMatch 403 (\,|//|\)\+|/\,/|\{0\}|\(/\(|\.\.\.|\+\+\+|\||\\\"\\\")

It's happening on boncabe.com. No idea why and why there is no problem when I want to log in or when I'm logged in.

Any ideas?

Thanks

Jeroen

7 Replies to “403 mystery to me”

Jeff Starr
Posted by Jeff Starr

Can you post the URL that is blocked/not working so I can compare with the 5G and see if anything might be causing issues..

Posted by Jeroen •

That's the fun part, Jeff, it's the homepage...

The homepage is a static page, I don't know if that matters. Bit difficult to get the code back in again, because the website will be offline. Unless you tell me what time you want to have a look.

Or I can send you the html of the homepage and htaccess? What can I do?

Thanks

Posted by Jeroen •

Jeff, I am trying to split this line into individual matches

RedirectMatch 403 (\,|//|\)\+|/\,/|\{0\}|\(/\(|\.\.\.|\+\+\+|\||\\\"\\\")

Could you check if these are right, you'll probably see it in a sec. I am probably far off but it will help me to understand the coding better.

RedirectMatch 403 \,+/\,/
RedirectMatch 403 \,+\{0\}
RedirectMatch 403 \,+\(/\(
RedirectMatch 403 \,+\.\.\.
RedirectMatch 403 \,+\+\+\+
RedirectMatch 403 \,+\|
RedirectMatch 403 \,+\\\"\\\"
RedirectMatch 403 //+/\,/
RedirectMatch 403 //+\{0\}
RedirectMatch 403 //+\(/\(
RedirectMatch 403 //+\.\.\.
RedirectMatch 403 //+\+\+\+
RedirectMatch 403 //+\|
RedirectMatch 403 //+\\\"\\\"
RedirectMatch 403 \+/\,/
RedirectMatch 403 \+\{0\}
RedirectMatch 403 \+\(/\(
RedirectMatch 403 \+\.\.\.
RedirectMatch 403 \+\+\+\+
RedirectMatch 403 \+\|
RedirectMatch 403 \+\\\"\\\"

Thanks

Jeff Starr
Posted by Jeff Starr

Here is what I get when deconstructing RedirectMatch 403 (\,|//|\)\+|/\,/|\{0\}|\(/\(|\.\.\.|\+\+\+|\||\\\"\\\"):

RedirectMatch 403 \,
RedirectMatch 403 //
RedirectMatch 403 \)\+
RedirectMatch 403 /\,/
RedirectMatch 403 \{0\}
RedirectMatch 403 \(/\(
RedirectMatch 403 \.\.\.
RedirectMatch 403 \+\+\+
RedirectMatch 403 \|
RedirectMatch 403 \\\"\\\"

For the homepage, anything will help, especially the URL. Sending files is okay too, just send them to me via my contact form: https://perishablepress.com/contact/.

Posted by Jeroen •

Thanks, Jeff, it's clear now. The website was boncabe.com, you missed it above, doesn't matter.

Turned out this was the problem: RedirectMatch 403 //

Also makes sense to me since it's part of the url, but I cannot imagine it's works n other websites as well, because most urls has // in it, right. So, I am missing something again...

Thanks

Jeff Starr
Posted by Jeff Starr

Ah yes, sorry for missing that.. the thing is though, that the // is only matched when included as part of the domain name or request URI.. in other words, for every request, Redirect and RedirectMatch do not look at or match the http:// part of the request, so I'm thinking something else may be at play here. If you got it working that's awesome, but something to keep in mind for future reference.

Posted by Jeroen •

Going to ask HostGator if they know what's happening with the //. I'll let you know when it's relevant.

Thanks