• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1279
  • Last Modified:

FormMail.pl - Random 403: Forbidden error

I am trying to design and build my companies website, and i am having problems with the Formmail script they recommend.

My host is 1&1 ( http://1and1.co.uk )
My website is at http://www.roadlinklogistics.co.uk 
the form I am using is on the sub page /onight.html (follow the overnight link)
The FormMail script I am using is the one reccomended by 1&1 ( http://www.1and1faq.co.uk/software/formmail_compat-3.09c1.zip )

I have created the directory cgi-bin in the root of my site and set permissions to 755
I have modified FormMail.pl as instructed ( http://faq.1and1.co.uk/script_cookbook__databases/formmail/index.html / http://faq.1and1.com/scripting_languages_supported/formmail_explained/index.html ) and set the permissions to 755 (1&1 reccomend 705 but this made no difference).
I have run the script through 1&1's own Perl Syntax Checker which comes back clean.

I have viewed the script from mutiple networks, machines and browsers:

At work, on the network we have 7 machines, Internet is supplied by BT Business Broadband (ADSL).
3 of these are Dell Pweredge 600SC, 2 are Dell Optiplex (1 GX240 and 1 GX260) and 1 is a Dell Latitude.  All are running IE6 and all but the Latitude are running Win 2000 Pro, the Latitude is running Win XP Pro.  Of these machines, 2 of the 600SC's, the GX260 and the Latitude display the expected responses from the FormMail script and I receive the e-mails.  However The other 600SC and the GX240 display Error 403: Forbidden.

At home, on the network we also have 7 machines.  Internet is supplied by NTL Broadband (Cable).
I have only tested on 2 machines at home.  My custom built behemoth of a PC and my FujitsuSiemens Lifebook.  Both are running Windows XP Professional with IE 6, but my PC also has Firefox, Netscape and Opera 8.
On my laptop I get the expected results, but no matter what browser I use on my PC, I get the 403 error.

In all cases I have cleared the History, Temp Files and Cookies before re-trying the script to no avail.

Yours - Totally Confused.

p.s.  I received the following e-mail's from 1&1's tech support:
==============================================================================
Thank you for contacting us.

This is in connection with the call you made a while ago.
Please put  a label on all the fields/box you have in your form so that you will know where you will enter the email address and some other informations.

How to configure the FormMail.pl script ?
http://faq.1and1.com/scripting_languages_supported/formmail_explained/4.
html

If you have any further questions please do not hesitate to contact us.
==============================================================================
Thank you for contacting us.

This is just a follow up regarding our conversation awhile ago on your domain name roadlinklogistics.co.uk. My teammate (*censored*) had already fixed the problem.

On the script, your didn't supply what email address should mails on formmail be received that is why it displayed an error. Temporarily, he used *censored*@roadlinklogistics.co.uk as its recipient but you can change it.

Just edit what's on   @allow_mail_to     =
qw(*censored*@roadlinklogistics.co.uk);

Please check if it worked on your end as we've accessed it here, everything's now working fine.

If you have any further questions please do not hesitate to contact us.
==============================================================================
This has made no difference!

Any suggestions

0
boxoffrogs
Asked:
boxoffrogs
  • 4
  • 2
1 Solution
 
boxoffrogsAuthor Commented:
I think I have fixed it - I think.

Having done some more searching on the net, I came across this forum

http://www.hostforum.co.uk/archive/index.php/t-722.html

In there, it suggested changing the name "formmail" as this may be a re-stricted name due to preevious vunerabilities with "Matt's Script", but also changing the extension to .cgi

Well, I did both changed the filename to something robots are less likely to crawl for, and changed it to .cgi

And on the computers at work that it didn't work on, it now works on. (at least for the time being)
0
 
ClickCentricCommented:
That's a very unusual issue...none of that should be only affecting connections from certain computers...especially when the issue occurs across browsers.  
0
 
boxoffrogsAuthor Commented:
I know - it had thrown me completely.

I was certain it was a browser issue until it failed on all 4.  I thought it was my IP until I changed machines within the network.  I don't know what I thought when the same happened at work.

And now I have made those 2 changes (might only be one of them that has done it), it appears to work on every machine and browser that it previously failed on.
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
verybadCommented:
Ive found, change your formmail name to send.pl

My config is:

# Define Variables                                                           #
#      Detailed Information Found In README File.                            #

# $mailprog defines the location of your sendmail program on your unix       #
# system. The flags -i and -t should be passed to sendmail in order to       #
# have it ignore single dots on a line and to read message for recipients    #

$mailprog = '/usr/sbin/sendmail -i -t';

# @referers allows forms to be located only on servers which are defined     #
# in this field.  This security fix from the last version which allowed      #
# anyone on any server to use your FormMail script on their web site.        #

@referers = ('mydomain.co.uk','82.155.155.155);

# @recipients defines the e-mail addresses or domain names that e-mail can   #
# be sent to.  This must be filled in correctly to prevent SPAM and allow    #
# valid addresses to receive e-mail.  Read the documentation to find out how #
# this variable works!!!  It is EXTREMELY IMPORTANT.                         #
@recipients = &fill_recipients('mydomain.co.uk',
                               'www.mydomain.co.uk');

# ACCESS CONTROL FIX: Peter D. Thompson Yezek                                #
# @valid_ENV allows the sysadmin to define what environment variables can    #
# be reported via the env_report directive.  This was implemented to fix     #
# the problem reported at http://www.securityfocus.com/bid/1187              #

@valid_ENV = ('REMOTE_HOST','REMOTE_ADDR','REMOTE_USER','HTTP_USER_AGENT');


I use: http://www.scriptarchive.com/formmail.html

hope this helps
0
 
ClickCentricCommented:
Actually, I just thought of what could have caused it.  The only reason the extension matters is if the apache handler for 2 extensions is different.  I'm guessing they're getting parsed by different processing agents dependent on the extension and one is doing something that isn't fully browser supported.  You'd have to ask your hosting provider if this is the case and it still wouldn't necessarily lead you to the exact cause, but if you're bored and want to dig deeper, that's one road I could see it leading to.
0
 
boxoffrogsAuthor Commented:
Thanks for your comments.

I am quite happy to leave it now as it is working.

I understand what you suggest, and while it makes sense between the extensions, it does not make any sense as to why it will work on some machines/networks/browsers and not others.  Maybe it is client side.  I don't know.  All I know is it is now working, and while it ain't broke, I ain't trying to fix it :D.

But thank you for your help.  I hope this article helps someone with a similar problem (should it exist).
0
 
boxoffrogsAuthor Commented:
working on closing it - sorry - been on holiday
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now