403 Response on POST Request

Austin B.
Published: 10 July 2020Last updated: 8 August 2024
Share:

As part of our Web Application Firewall we occasionally filter invalid POST requests when we detect malicious traffic towards our network.

This shouldn't cause any problems with software that is using standard HTTP POST requests to reach your website. However, if you've written a custom application you will need to ensure the code making the POST is setting the appropriate Content-Length header in the request.

curl/libcurl will do this by default if you send any HTTP POST data. But if your custom code is simply overriding the HTTP method to POST without setting/sending any data, this header may be missing and result in the block.

You can easily resolve this by setting this header manually, for example:

curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Length: ' . strlen($fields)));

However, it may be easier to simply use the built-in POST fields which automatically populate this header as required.

curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);