I am developing a small application where an admin can insert bulk discount voucher codes in the back-end. In the front-end, site visitors can get those codes, one by one. To insert voucher codes in the backend, I am providing the admin a Textarea where he can insert them all at once. Everything was working fine, until I got a unique voucher code “XXXXXX-XXX-XXX-wGeT”.
I have a simple HTML form, which is submitted using the POST method. On submitting this voucher code, the browser sends me a “501-Method not implemented” error in the response. The problem is with the “wGet” keyword in the code. I know wget is a linux command, but here I am sending it as a text in POST. Server just sending me 501 error. I googled a lot, but didn’t have any luck. How do I escape this “wGeT” keyword, before form submit?
edit:
<?php
if($_REQUEST){
echo '<pre>';
print_r($_REQUEST);
echo '</pre>';
}
?>
<html>
<head>
<title>Wget Demo</title>
</head>
<body>
<form name="frmCodes" method="POST">
<textarea name="voucher_codes"></textarea>
<input type="submit" name="btnSubmit"/>
</form>
</body>
</html>
I think mario’s comment is right, it’s probably mod_security.
default behaviour will be scanning POST data ( see /etc/httpd/conf/modsecurity.conf )
with wget blocked
comment out this SecFilter by preceding it with # (or set SecFilterScanPOST to Off) and restart apache to see if it solves it.
or use a .htaccess file in the corresponding directory containing:
I put both options in so you can play with it somewhat, it’s probably possible to be more site specific but you’ll need to read up a bit on mod_security rules
slight edit: added a wget allowing but logging rule to .htaccess, this would allow you to put SecFilterScanPOST to On