403 error when saving <SCRIPT> into a file on the server

#1
Hi, and sorry for my English.
I wrote a small application in PHP that reads/writes an HTML or TXT file through a simple form.
It worked well until the server was updated with a LiteSpeed protection method.
Here is my code (do.php):
PHP:
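<?php
// set file to write
$filename = "xx.txt";

// read the submitted text; default to '' when the field is missing
$newdata = isset($_POST['newd']) ? $_POST['newd'] : '';

if ($newdata !== '') {
    // open file
    $fw = fopen($filename, 'w') or die('Could not open file!');
    // write to file
    // added stripslashes to $newdata (undoes magic_quotes_gpc escaping)
    // fwrite returns false on failure, so test for that explicitly
    if (fwrite($fw, stripslashes($newdata)) === false) {
        die('Could not write to file');
    }
    // close file
    fclose($fw);
}
?>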
And with this form I get the data to store in the "xx.txt" file:

PHP:
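<?php
$filename = "xx.txt";
$fh = fopen($filename, "r") or die("Could not open file!");
// an empty file is valid, so only read when there is something to read
$size = filesize($filename);
$data = $size > 0 ? fread($fh, $size) : '';
if ($data === false) {
    die("Could not read file!");
}
fclose($fh);
// the stored text is escaped below so that saved markup such as
// </textarea> or <script> is shown as text and not rendered by the browser
?>
<html>
<form action='do.php' method='post'>
<textarea name='newd' cols='100%' rows='50'><?php print htmlspecialchars($data, ENT_QUOTES, 'UTF-8'); ?></textarea>
<input type='submit' value='Save Data'>
</form>
</html>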
It accepts all characters or HTML tags through this form and stores them in the TXT file, but when I want to save <script>, alone or in the middle of HTML tags, LiteSpeed returns an error:

403 Forbidden
" Access to this resource on the server is denied!"
Powered By LiteSpeed Web Server
This 403 error is not reported in the Apache error logs.
How can I resolve this problem?

Thanks for your attention.
 

NiteWave

Administrator
#2
It may trigger a certain "Request Filter" rule.

Check
lsws admin console->Server->Request Filter, and disable the "XSS attack" rule if it's enabled.
 
#3
Thanks, NiteWave, for your reply.
I'm just a client on the server and cannot access the server configuration.
Does LiteSpeed have an .htaccess file (the same as Apache) that applies configured rules to each folder (for security)?
Or can I resolve this issue by scripting?
 

NiteWave

Administrator
#4
Maybe not. Try asking your host to disable that rule.
If that rule is already disabled, then maybe the mod_security plugin for cPanel has been installed by your host; it acts the same as the request filter but is more powerful and complex.
 