I have a website where I wrapped phpbb3 inside wordpress. It works pretty well, although when I added this security recommendation to my .htaccess:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# Rule 1: refuse these request methods outright (F = 403 Forbidden, L = stop rewriting)
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ - [F,L]
# Rule 2: the query-string conditions below are chained with [OR]; the final
# (negated) cookie condition has no [OR], so it is ANDed with the whole group:
# any one pattern matching the query string AND no wordpress_logged_in_ cookie => 403
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|"|;|\?|\*|=$).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*("|'|<|>|\|{||).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare).* [NC]
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
RewriteRule ^(.*)$ - [F,L]
</IfModule>
it is causing 403 errors when users try to use the search form on some of the forum pages. This is the way the search is presented (as an example):
<div class="search-box">
<form method="post" id="forum-search" action="./search.php?fid[]=5">
<fieldset>
<input class="inputbox search tiny" type="text" name="keywords" id="search_keywords" size="20" value="Search this forum…" onclick="if (this.value == 'Search this forum…') this.value = '';" onblur="if (this.value == '') this.value = 'Search this forum…';" />
<input class="button2" type="submit" value="Search" />
<input type="hidden" value="5" name="fid[]" />
</fieldset>
</form>
</div>
Comes back as “forbidden”. When I take out that section of .htaccess, it works fine. I know the very basics about .htaccess and can’t figure out why that code is causing a 403 on that section of HTML/PHP.
Any ideas would be appreciated…thanks…
It is causing a 403 because you are returning 403 in your .htaccess: the F flag in your rewrite rules is doing this. There's probably a reason why you'd want to do this. The first rule blocks requests via HEAD, TRACE, DELETE, and TRACK methods. The second rule blocks requests with a bunch of possible query strings and *if you are missing the wordpress_logged_in cookie*. So if you don't have a cookie named wordpress_logged_in_, then you'll get a 403.
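To see which of the query-string conditions actually fires for the forum search request, here is an added example (my own script, not part of the original question or answer) that re-implements the posted RewriteCond lines in Python. Apache matches RewriteCond patterns with PCRE "search" semantics (a hit anywhere in the value) and [NC] makes them case-insensitive, which is what re.search with re.IGNORECASE does. The rule labels and the sample query strings are my own; the search form on the page posts to ./search.php?fid[]=5, so "fid[]=5" is the query string that matters.

```python
import re

# Added example, not code from the original post: each entry is one
# RewriteCond %{QUERY_STRING} pattern from the posted .htaccess, in file order,
# paired with a label of my own so the output names the offending line.
QUERY_STRING_RULES = [
    ("dot-dot-slash",      r'\.\.\/'),
    ("boot.ini",           r'boot\.ini'),
    ("tag=",               r'tag\='),
    ("ftp:",               r'ftp\:'),
    ("http:",              r'http\:'),
    ("https:",             r'https\:'),
    ("script-tag",         r'(\<|%3C).*script.*(\>|%3E)'),
    ("mosConfig",          r'mosConfig_[a-zA-Z_]{1,21}(=|%3D)'),
    ("base64_encode",      r'base64_encode.*\(.*\)'),
    # \u00ea is the literal "ê" that appears in the posted line
    ("brackets-metachars", r'^.*(\[|\]|\(|\)|<|>|\u00ea|"|;|\?|\*|=$).*'),
    # Note the two empty alternatives ("||") at the end of this group: an empty
    # alternative matches the empty string, so this line matches ANY query string.
    ("quotes-empty-alt",   r'''^.*("|'|<|>|\|{||).*'''),
    ("%24&x",              r'^.*(%24&x).*'),
    ("percent-escapes",    r'^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).*'),
    ("globals-localhost",  r'^.*(globals|encode|localhost|loopback).*'),
    ("sql-words",          r'^.*(request|select|insert|union|declare).*'),
]

# Rule 1 of the posted config: the method pattern is not anchored at the end,
# exactly as written there.
BLOCKED_METHODS = re.compile(r'^(HEAD|TRACE|DELETE|TRACK)', re.IGNORECASE)

# Rule 2's last condition is negated (!): it is true when this does NOT match.
LOGGED_IN_COOKIE = re.compile(r'^.*wordpress_logged_in_.*$')


def matching_rules(query_string):
    """Labels of the query-string conditions that match, in file order."""
    return [name for name, pattern in QUERY_STRING_RULES
            if re.search(pattern, query_string, re.IGNORECASE)]


def is_forbidden(method, query_string, cookie_header=""):
    """Return (forbidden, reasons) the way the two posted RewriteRules decide.

    The [OR]-chained query-string conditions are ANDed with the negated cookie
    condition, so a request is forbidden only when at least one pattern matches
    AND the Cookie header carries no wordpress_logged_in_ cookie.
    """
    if BLOCKED_METHODS.search(method):
        return True, ["method"]
    hits = matching_rules(query_string)
    if hits and not LOGGED_IN_COOKIE.search(cookie_header):
        return True, hits
    return False, hits


if __name__ == "__main__":
    # Constructed sample requests: the phpBB search form, a percent-encoded
    # variant, a bare query, and a logged-in visitor.
    samples = [
        ("POST", "fid[]=5", ""),
        ("POST", "fid%5B%5D=5", ""),
        ("GET", "q=hello", ""),
        ("POST", "fid[]=5", "wordpress_logged_in_abc123=user%7Cdeadbeef"),
        ("TRACE", "", ""),
    ]
    for method, qs, cookie in samples:
        forbidden, reasons = is_forbidden(method, qs, cookie)
        print(f"{method:5} {qs!r:18} cookie={bool(cookie)!s:5} "
              f"-> {'403' if forbidden else 'ok '} {reasons}")
```

Running it shows that "fid[]=5" trips the line containing \[ and \] (the phpBB array-style parameter name), which is why the search form gets a 403 for anyone without the WordPress login cookie. It also shows a second problem with the snippet as pasted here: the line ending in ("|'|<|>|\|{||) contains empty alternatives and therefore matches every query string, including an empty one, so on a server running that exact line every anonymous request would fail rule 2. If your real file behaves differently, compare it character by character with what is pasted above before relying on this script's output.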