So I've got a custom-made PHP site running on PHP5 that I'm attempting to migrate from Apache to a different LiteSpeed server on a different hosting company (I'd assume the open source LiteSpeed).

/foo/bar.php works fine by itself

But, when using /foo/index.html to send POST data to /foo/bar.php, I get a 403 error message

I hoped that adding the mod_security change would work, but I don't think that it did. Maybe I didn't add it to my .htaccess properly? It's possible, but unlikely because the other parts of the .htaccess (rewriting to find the .php files if they aren't asked for) work fine.

<IfModule mod_security.c>
    SecFilterScanPOST Off
</IfModule>

Here's a sample POST "payload":

filename=000000B--ANOTHER-TEST.txt&sectionlabels%5B%5D=DEFAULT_METADATA&sections%5B%5D=album%3A+TEST%0D%0Aartist%3A+TEST%0D%0Aalbum_artist%3A+TEST%0D%0A%0D%0A%3B+set+the+default+composer%0D%0Acomposer%3A+TEST%0D%0A%0D%0Agenre%3A+Classical%0D%0A%0D%0Ayear%3A+1999%0D%0A%0D%0A%3B+used+for+the+comment+metadata%0D%0Avenue%3A+_REPLACE_THIS_%0D%0Aconcertdate%3A+November+30th%2C+1999%0D%0Aengineer%3A+Adam+Borecki+-+adamborecki.com%0D%0Acomments%3A+Recorded+Live%0D%0A%0D%0A&sectionlabels%5B%5D=PIECES&sections%5B%5D=A+_REPLACE_THIS_%0D%0A%0D%0A01+Title%0D%0Acomposer%3A%0D%0Aartist%3A%0D%0A01a+I.%0D%0A01b+II.%0D%0A%3B+etc.%0D%0A%0D%0A%3Bintermission%0D%0A%0D%0A&sectionlabels%5B%5D=EMAILS&sections%5B%5D=recording%40adamborecki.com%0D%0A_REPLACE_THIS_%0D%0A%0D%0A&sectionlabels%5B%5D=B2BUCKET&sections%5B%5D=-Borecki-RecordingLA-2018a-%0D%0A%0D%0A&sectionlabels%5B%5D=NOTES&sections%5B%5D=%3C%21--+The+photos+from+your+recording+are+ready%21+Note+that+the+audio+and+video+files+should+be+ready+soon+but+will+take+a+little+bit+longer.+If+you+need+them+for+a+specific+deadline%2C+please+be+sure+to+contact+Adam+right+away.+--%3E%0D%0A%0D%0A%3C%21--+Remember+to+get+obtain+permission+from+performers+and+composers+before+posting+to+the+internet.+--%3E%0D%0A%0D%0A%0D%0A&sectionlabels%5B%5D=SETTINGS&sections%5B%5D=PIECE_FILENAME%3A+%25title%25+-+%25composer%25%0D%0AMVT_FILENAME%3A+%25title%25+-+%25mvt_title%25+-+%25composer%25%0D%0AMVT_TITLE%3A+%25mvt_title%25+-+%25title%25+-+%25composer%25%0D%0A%0D%0A%3B+turn+on+track+numbers+metadata+%28primarily+for+audio%29%0D%0A%3B+leave+ON+for+recitals%0D%0ATRACK_NUMBERS%3A+true%0D%0A%0D%0A%3B+recommended%3A+FALSE+-+every+clip+from+FCPXML+should+be+named+in+the+cuesheet.%0D%0AALLOW_UNMATCHED_CLIPS%3A+false%0D%0A%0D%0A&sectionlabels%5B%5D=OUTPUTS&sections%5B%5D=%5BDEFAULT_MP4_OUTPUT%5D%0D%0A%5BDEFAULT_WAV_OUTPUT%5D%0D%0A%5BDEFAULT_MP3_OUTPUT%5D%0D%0A%0D%0A%3B.mp4+Video+%28HD+1080p%29%2F%0D%0A%3B%09VFADEOUT%3D1.2%0D%0A%3B%09VFADEIN%3D1%0D%0A%3B%09AFADEOUT%
3D.2%0D%0A%3B%09-c%3Av+libx264%0D%0A%3B%09-profile%3Av+high%0D%0A%3B%09-crf+23%0D%0A%3B%09-preset+fast%0D%0A%3B%09-tune+film%0D%0A%3B%09-c%3Aa+libfdk_aac%0D%0A%3B%09-pix_fmt+yuv420p%0D%0A%3B%09-b%3Aa+192k%0D%0A%3B%09-ar+48000%0D%0A%0D%0A

Here's my .htaccess file:

Options +FollowSymlinks -MultiViews
RewriteEngine on
# RewriteBase /

# remove trailing slash if it's there -- THIS is some super old code, I just leave it in
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)?\/$ //%{HTTP_HOST}/$1 [L,R=301,QSA]

# internally add php if it isn't there -- THIS is also some super old code, I just leave it in
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)?$ $1\.php [L,QSA]



# from https://stackoverflow.com/questions/23736913/php-form-post-redirects-to-403-error-page-by-litespeed-web-server
# it looks like I need to turn OFF a security setting on LiteSpeed so that it'll allow post data
<IfModule mod_security.c>
    SecFilterScanPOST Off
</IfModule>

# I THINK THE STUFF BELOW is from an older cPanel host. I'm migrating to a new one, and I'm doing that via tar.gz compression of the old files and moving over to new server and then unzipping

# BEGIN cPanel-generated php ini directives, do not edit
# Manual editing of this file may result in unexpected behavior.
# To make changes to this file, use the cPanel MultiPHP INI Editor (Home >> Software >> MultiPHP INI Editor)
# For more information, read our documentation (https://go.cpanel.net/EA4ModifyINI)
<IfModule php5_module>
   php_flag asp_tags Off
   php_flag display_errors On
   php_value max_execution_time 30
   php_value max_input_time 60
   php_value max_input_vars 1000
   php_value memory_limit 128M
   php_value session.gc_maxlifetime 1440
   php_value session.save_path "/var/cpanel/php/sessions/ea-php56"
   php_value upload_max_filesize 50M
</IfModule>
# END cPanel-generated php ini directives, do not edit

1 Answer

Should use SecRuleEngine off instead of SecFilterScanPOST Off.
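
The answer's directive placed in the question's .htaccess, as an added example that is not from the original post: the first block is the setting the question used, the second applies SecRuleEngine only to the script that receives the POST. It assumes ModSecurity 2.x (module name security2_module), a host that honours these directives in .htaccess, and that the file is /foo/.htaccess; the rule ID shown is a placeholder.

```apache
# --- As posted in the question ---------------------------------------------
# SecFilterScanPOST is a ModSecurity 1.x directive and mod_security.c is the
# 1.x module name, so on Apache with a 2.x engine this block is skipped.
<IfModule mod_security.c>
    SecFilterScanPOST Off
</IfModule>

# --- As suggested in the answer, limited to one script ---------------------
# Assumption: this file is /foo/.htaccess, so <Files> matches /foo/bar.php
# (including requests the rewrite rules above map from /foo/bar to bar.php).
<IfModule security2_module>
    <Files "bar.php">
        # Option A (the answer): no rule processing for this script.
        SecRuleEngine Off

        # Option B: rules still evaluate and log but never block, which
        # helps identify the rule that matched the POST body.
        # SecRuleEngine DetectionOnly

        # Option C: leave the engine on and drop only the rule that fired.
        # 000000 is a placeholder; take the real ID from the server's
        # ModSecurity audit or error log entry for the 403.
        # SecRuleRemoveById 000000
    </Files>
</IfModule>
```

Enable only one of the three options at a time; every other path on the site keeps the server's default rule processing.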