URL in query string causing redirection and 403 errors

         

ayushchd

10:49 am on Jul 3, 2010 (gmt 0)

10+ Year Member



Hi,

I have a page that is the thank you for an aWeber form. aWeber redirects to that page by passing certain parameters in the URL. I realised that I was getting a 403 even though the page existed on the server. Then I found out if I remove the "ad_url=http://www.whatever.com/" from the long list of parameters, the page loads fine.

Also, I had a mod_rewrite set up to redirect anything like example.com to www.example.com

But whenever that thank you page is called (with the ad_url parameter) it redirects me to 403.shtml

But when I remove the parameter it redirects me to www.whateversite.com/whateverarguments

Please suggest something.

ayushchd

6:04 pm on Jul 3, 2010 (gmt 0)

10+ Year Member



It's a 404 Forbidden. My mistake.

Forbidden

You don't have permission to access /index.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

g1smd

7:47 pm on Jul 3, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



404 is "Page not Found", not "Forbidden", so which is it?

You cannot have slashes in parameters. You MUST encode slashes in parameters.

ayushchd

10:23 pm on Jul 3, 2010 (gmt 0)

10+ Year Member



This is the error :


Forbidden

You don't have permission to access /confirmthanks.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

ayushchd

10:27 pm on Jul 3, 2010 (gmt 0)

10+ Year Member



The parameter is being passed by aWeber, which I can't control. Is there any way I can get rid of this through htaccess or something?

I just realised it's the phrase "http:/" that is creating the problem. I tried passing https//www.asd.com and it worked fine, however [as.com...] didn't! I tried other combinations too to confirm this.

g1smd

10:58 pm on Jul 3, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Yes, the protocol is only at the beginning of the entire URL. It cannot appear in the middle.

ayushchd

2:56 pm on Jul 4, 2010 (gmt 0)

10+ Year Member



I don't get this error on all servers.

Is there any solution?

jdMorgan

5:15 am on Jul 6, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



You have two problems:

First, "403.shtml" has been defined as your custom 403 ErrorDocument -- either through an explicit ErrorDocument directive appearing in your server config or .htaccess file(s), or by using your control panel.

Unfortunately, this file does not exist. So when a 403-Forbidden response is invoked, it leads to a secondary 404-Not Found error. This is a serious technical problem, and must be fixed if you care at all about your search engine rankings.

Either remove the custom error document setting from your control panel, or find the place in your config code where 403.shtml appears in an ErrorDocument directive and correct the filepath to point to your actual error document, or create a 403.shtml file and use it as your custom 403 error page.

The second problem is that there are rules concerning what characters can appear in what parts of a URL and the query string appended to that URL. If a character needs to be used in a place where it is not allowed, then it must be URL-encoded. For example, the URL "http://www.example.com/my file" is invalid because of the space character, and will be encoded by all HTTP-compliant browsers to "http://www.example.com/my%20file" for transmission via HTTP.

For details on what characters can be used in each part of a URI, see "RFC2396 - Uniform Resource Identifiers (URI): Generic Syntax". If aWeber is violating the HTTP protocol, you will need to get them to fix it, as no work-arounds will be possible. (The malformed request won't be accepted by your server, so no server-side code can be used to act on it.)

Jim

ayushchd

1:34 pm on Jul 7, 2010 (gmt 0)

10+ Year Member



Hi, it isn't an encoding problem. It's a problem related to modsecurity, which is not allowing the word "http:/" in the params.

Could you suggest how/what command to use to allow http:/ in the params through modsecurity?

g1smd

3:13 pm on Jul 7, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



You don't need the http or the :// to appear in the URL.

Adjust your script to add that itself while processing the request.

ayushchd

3:36 pm on Jul 7, 2010 (gmt 0)

10+ Year Member



Like I told you, the form data is being passed by aWeber. So I can't control it.

Can I trigger mod_security commands through .htaccess?

jdMorgan

3:46 am on Jul 10, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



No simple answer. It depends on your server configuration. Start here: [modsecurity.org...]

Jim
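
Added example, not part of the original thread: a ModSecurity exception scoped to the one page and one parameter discussed above, shown beside the over-broad alternative. It assumes ModSecurity 2.x (2.6 or later for `SecRuleUpdateTargetById`) and access to the server or virtual-host configuration; the rule id `900000` is a placeholder for whatever id the audit log reports for the blocked request.

```apache
# Assumption: ModSecurity 2.x loaded as mod_security2; directives placed in
# the server or vhost config, since many builds ignore them in .htaccess.
# 900000 is a PLACEHOLDER. Replace it with the rule id that the ModSecurity
# audit log (or the Apache error log) shows for the request that got the 403.

# Too broad: turns off all request inspection for the whole site.
# <IfModule mod_security2.c>
#     SecRuleEngine Off
# </IfModule>

# Still broad: drops the rule for every argument sent to the page.
# <IfModule mod_security2.c>
#     <LocationMatch "^/confirmthanks\.php$">
#         SecRuleRemoveById 900000
#     </LocationMatch>
# </IfModule>

# Narrow: on the thank-you page only, stop that one rule from inspecting
# the ad_url argument. All other rules, and all other arguments, are still
# inspected.
<IfModule mod_security2.c>
    <LocationMatch "^/confirmthanks\.php$">
        SecRuleUpdateTargetById 900000 "!ARGS:ad_url"
    </LocationMatch>
</IfModule>
```

With the exception in place, `ad_url` reaches the script uninspected, so the script should validate it before using it.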