6

I am creating an iOS application which allows users to send image/text data to my webserver via a POST request. I am successfully sending POSTs to the server when image data is not included in the request. Any time I POST with image data the server spits back a 403 forbidden. I have tried adding the following to the .htaccess file in the directory of the script with no luck:

Options +Indexes FollowSymLinks +ExecCGI
Order allow,deny
Allow from all

Web browsers and Android devices can successfully POST with image data to the script, the only device which cannot is the iPhone.

POSTing with data to other hosting providers works as expected - it is just this host (ipowerweb.com).

I noticed that when I try to POST with data to any script on the server it returns a 403 forbidden. Another note: I can successfully post to another server that is hosted by ipowerweb, but mine can't seem to handle it.

My host has tried to resolve the issue but cannot, and they have marked it on their end as "resolved", so no more help from them. I wish to keep this host as moving would be a pain - I will change hosts as a last resort, so please help me!

Why am I getting this 403 forbidden error only when I submit data via my iPhone application?

How can I resolve the issue so I can successfully POST data?

Any advice on what I can do would be greatly appreciated.

edit: as request, here are the response headers:

{
    Connection = close;
    "Content-Length" = 217;
    "Content-Type" = "text/html; charset=iso-8859-1";
    Date = "Wed, 12 Jan 2011 19:11:19 GMT";
    Server = "Apache/2";
}

edit: as request here are the request headers(oops):

{
    "Accept-Encoding" = gzip;
    "Content-Length" = 5781;
    "Content-Type" = "multipart/form-data; charset=utf-8; boundary=0xKhTmLbOuNdArY";
    "User-Agent" = "YeahIAteThat 1.0 (iPhone; iPhone OS 4.2.1; en_US)";
}
Shane Madden
  • 112,982
  • 12
  • 174
  • 248
binnyb
  • 61
  • 1
  • 3
  • Can you capture and post the HTTP request headers that are generated from the iPhone? – squillman Jan 12 '11 at 19:08
  • yes, i have added them to bottom of the question. edit: err maybe i can get a better string of them - hang tight! – binnyb Jan 12 '11 at 19:13
  • @binnyb Not the response headers, the request headers. Need to see what Apache is getting from the iPhone. – squillman Jan 12 '11 at 19:32
  • ah yes sorry! updated the question – binnyb Jan 12 '11 at 19:38
  • 2
    What shows up in Apache's error_log? This will be very helpful in troubleshooting. – Josh Jan 14 '11 at 13:12
  • my CGI-error log seems to be empty. is there another log i should check? – james Jan 14 '11 at 14:11
  • i don't seem to have access to viewing any other logs. except for visitor and cgi-error – james Jan 14 '11 at 19:49
  • 1
    what about a copy of the successful request headers from an android POST? – Michael Lowman Jan 14 '11 at 21:18
  • run tcpdump and collect the whole conversation. If you can upload that file somewhere we can take a look: tcpdump -s 1600 -ni eth0 port 80 – cstamas Jan 14 '11 at 22:41
  • i do not have terminal/ssh/console access to this server – james Jan 14 '11 at 22:47
  • Why are you using a hosting provider that is obviously not giving you what you need to resolve yor issue, marking unresolved tickets as resolved, and generally making a bad name for itself? There are plenty of genuinely decent hosting providers out there. – Skyhawk Jan 15 '11 at 20:25
  • indeed, i have recently been starting to switch process to dreamhost.com. although using a custom php.ini file seems to be a pain and problematic, ugh! – james Jan 17 '11 at 14:05
  • Dreamhost has a great reputation for shared hosting. If you want complete control of your server, including how PHP is configured, a low-end VPS is also a good option: I use Joyent's entry-level SmartMachine ($25/mo). Of course, the downside of a VPS that gives you root access is that you own any problems that you might create by accident, and tech support isn't going to bail you out. – Skyhawk Jan 23 '11 at 21:08
  • Did you ever get a solution for this problem? I run into exactly the same problem! –  Jan 07 '12 at 03:19

3 Answers3

1

What happens if, as a test, you change the first part of your User-Agent header from "YeahIAteThat 1.0" to something typical like "Mozilla/5.0"?

Skyhawk
  • 14,149
  • 3
  • 52
  • 95
0

could this be because mod_security installed and is rejecting the POST operation (because of a rule ?)

Ram Prasad
  • 301
  • 1
  • 8
0

Could it be that you are posting to a address that is returning a redirect? So for example if you had http://example.com/directory the server would redirect your client to http://example.com/directory/ and the payload of the post request does normally not get 're-sent' to the new destination ...

Tobi Oetiker
  • 1,752
  • 12
  • 12