403 error when saving <SCRIPT> into a file on the server

Discussion in 'Java JSP/Servlet' started by saeeded, Jun 5, 2012.

  1. saeeded

    saeeded New Member

    Hi, and sorry for my English.
    I wrote a small application in PHP that reads/writes an HTML or TXT file through a simple form.
    It worked well until the server was updated with the LiteSpeed protection method.
    Here is my code ------> do.php
    <?php
    // set file to read
    $filename = "xx.txt";
    // text submitted by the form (empty string when nothing was posted)
    $newdata = isset($_POST['newd']) ? $_POST['newd'] : '';

    if ($newdata != '') {
        // open file
        $fw = fopen($filename, 'w') or die('Could not open file!');
        // write to file
        // added stripslashes to $newdata
        $fb = fwrite($fw, stripslashes($newdata)) or die('Could not write to file');
        // close file
        fclose($fw);
    }
    ?>
    And with this form I get the data to store into the "xx.txt" file:

    <?php
    $fh = fopen($filename, "r") or die("Could not open file!");
    $data = fread($fh, filesize($filename)) or die("Could not read file!");
    fclose($fh);
    // htmlspecialchars below keeps stored tags from breaking out of the textarea
    ?>
    <form action='do.php' method='post'>
    <textarea name='newd' cols='100%' rows='50'><?php print htmlspecialchars($data); ?> </textarea>
    <input type='submit' value='Save Data'>
    </form>
    It accepts all characters or HTML tags through this form and stores them in the TXT file, but when I want to save the <script> characters alone or in the middle of HTML tags, LiteSpeed returns an error:

    403 Forbidden
    " Access to this resource on the server is denied!"
    Powered By LiteSpeed Web Server
    This 403 error is not reported in the Apache error logs.
    How can I resolve this problem?

    Thanks for your attention.
  2. NiteWave

    NiteWave Administrator

    It may trigger a certain "Request Filter" rule.

    LSWS admin console -> Server -> Request Filter: disable the "XSS attack" rule if it's enabled.
  3. saeeded

    saeeded New Member

    Thanks, NiteWave, for your reply.
    I'm just a client on the server and cannot access the server configuration.
    Does LiteSpeed have an .htaccess file (same as Apache) to control each folder by configured rules (for security)?
    Or can I resolve this issue by scripting?
  4. NiteWave

    NiteWave Administrator

    Maybe not. Try asking your host to disable that rule.
    If that rule is already disabled, then maybe the mod_security plugin for cPanel has been installed by your host; it acts the same as the request filter but is more powerful and complex.
