facebook like args on URL - why forbidden?

Running Apache with a html file for the index - it works fine when I tap into the browser:


but if someone clicks through from my facebook activity feed, the link is similar:


...but it doesn't work - chrome returns

Forbidden: You don't have permission to access / on this server.

My question is why does it come back forbidden? Surely it is merely the args that have changed?

I am not looking for a solution to clean up the URL, but rather to understand why supplying these URL args returns "forbidden".


Ok, I found the problem, and it is related to the 5G-blacklist-2013 I was using in my .htaccess which I didn't think was relevant initially - in retrospect, where else was I going to find the problem? Silly me.

The blocklist contains the line:

RewriteCond %{QUERY_STRING} (\"|%22).*(<|>|%3) [NC,OR]

...as part of its test for illegal query strings. The query string that facebook appends when clicking through from the activity feed falls foul of this line and a 403 is returned. To fix I can either remove that line or strip the query string earlier in the .htaccess.

5g-blacklist-2013: http://perishablepress.com/5g-blacklist-2013/

Need Your Help

Web Test Fails With SocketException

visual-studio visual-studio-2013 load-testing web-testing

I have recorded a simple web test in VS 2013 Ultimate and im attempting to run it on a remote agent.

Calling Java Method with variable length argument (varags) from jython

java python testing jython

I'm trying to test some Java code with Jython, but I'm stuck with a constructor that uses the ... varags syntax.

About UNIX Resources Network

Original, collect and organize Developers related documents, information and materials, contains jQuery, Html, CSS, MySQL, .NET, ASP.NET, SQL, objective-c, iPhone, Ruby on Rails, C, SQL Server, Ruby, Arrays, Regex, ASP.NET MVC, WPF, XML, Ajax, DataBase, and so on.