How to Allow http in query string without using mod_security?

Question

I am using contact form 7 to send an URL from one form to other using on_sent_ok. Trying to send http://myurl.com in the query string redirects me to the 403 forbidden page. On some research, I found it a mod_secrity causing the issue. Can it be done without turning the mod_security off?

This is my code for contact

on_sent_ok: "location ='http://example.com/somepage/?u='+jQuery('#url').val();"

where #url is the input for the url.

More if this mod is turned off, will it be fixed as I have many sites hosted.

score 0 · Answer 1 · answered May 28 '15 at 05:58

0

You need to encode the string using encodeURIComponent when using an complete url in query strings.

on_sent_ok: "location ='http://example.com/somepage/?u='+encodeURIComponent(jQuery('#url').val());"

answered May 28 '15 at 05:58

Rahil Wazir

10,007
11
42
64

Yes I checked that too but page gives same error of forbidden. – Sachin Stellen May 28 '15 at 06:11
@SachinStellen Whats the resulted url? – Rahil Wazir May 28 '15 at 06:33
it gives me encoded url like `http://example.com/somepage/?u=http%3A%2F%2Fsomeurl.com` but the error still remains – Sachin Stellen May 28 '15 at 06:52
@SachinStellen Then the problem is somewhere else in your application – Rahil Wazir May 28 '15 at 10:15

How to Allow http in query string without using mod_security?

1 Answers1