Solved - Random 403: Forbidden error

Posted on 2006-05-25
Last Modified: 2008-01-09
I am trying to design and build my companies website, and i am having problems with the Formmail script they recommend.

My host is 1&1 ( )
My website is at
the form I am using is on the sub page /onight.html (follow the overnight link)
The FormMail script I am using is the one reccomended by 1&1 ( )

I have created the directory cgi-bin in the root of my site and set permissions to 755
I have modified as instructed ( / ) and set the permissions to 755 (1&1 reccomend 705 but this made no difference).
I have run the script through 1&1's own Perl Syntax Checker which comes back clean.

I have viewed the script from mutiple networks, machines and browsers:

At work, on the network we have 7 machines, Internet is supplied by BT Business Broadband (ADSL).
3 of these are Dell Pweredge 600SC, 2 are Dell Optiplex (1 GX240 and 1 GX260) and 1 is a Dell Latitude.  All are running IE6 and all but the Latitude are running Win 2000 Pro, the Latitude is running Win XP Pro.  Of these machines, 2 of the 600SC's, the GX260 and the Latitude display the expected responses from the FormMail script and I receive the e-mails.  However The other 600SC and the GX240 display Error 403: Forbidden.

At home, on the network we also have 7 machines.  Internet is supplied by NTL Broadband (Cable).
I have only tested on 2 machines at home.  My custom built behemoth of a PC and my FujitsuSiemens Lifebook.  Both are running Windows XP Professional with IE 6, but my PC also has Firefox, Netscape and Opera 8.
On my laptop I get the expected results, but no matter what browser I use on my PC, I get the 403 error.

In all cases I have cleared the History, Temp Files and Cookies before re-trying the script to no avail.

Yours - Totally Confused.

p.s.  I received the following e-mail's from 1&1's tech support:
Thank you for contacting us.

This is in connection with the call you made a while ago.
Please put  a label on all the fields/box you have in your form so that you will know where you will enter the email address and some other informations.

How to configure the script ?

If you have any further questions please do not hesitate to contact us.
Thank you for contacting us.

This is just a follow up regarding our conversation awhile ago on your domain name My teammate (*censored*) had already fixed the problem.

On the script, your didn't supply what email address should mails on formmail be received that is why it displayed an error. Temporarily, he used *censored* as its recipient but you can change it.

Just edit what's on   @allow_mail_to     =

Please check if it worked on your end as we've accessed it here, everything's now working fine.

If you have any further questions please do not hesitate to contact us.
This has made no difference!

Any suggestions

Question by:boxoffrogs

    Author Comment

    I think I have fixed it - I think.

    Having done some more searching on the net, I came across this forum

    In there, it suggested changing the name "formmail" as this may be a re-stricted name due to preevious vunerabilities with "Matt's Script", but also changing the extension to .cgi

    Well, I did both changed the filename to something robots are less likely to crawl for, and changed it to .cgi

    And on the computers at work that it didn't work on, it now works on. (at least for the time being)
    LVL 10

    Expert Comment

    That's a very unusual issue...none of that should be only affecting connections from certain computers...especially when the issue occurs across browsers.  

    Author Comment

    I know - it had thrown me completely.

    I was certain it was a browser issue until it failed on all 4.  I thought it was my IP until I changed machines within the network.  I don't know what I thought when the same happened at work.

    And now I have made those 2 changes (might only be one of them that has done it), it appears to work on every machine and browser that it previously failed on.
    LVL 2

    Accepted Solution

    Ive found, change your formmail name to

    My config is:

    # Define Variables                                                           #
    #      Detailed Information Found In README File.                            #

    # $mailprog defines the location of your sendmail program on your unix       #
    # system. The flags -i and -t should be passed to sendmail in order to       #
    # have it ignore single dots on a line and to read message for recipients    #

    $mailprog = '/usr/sbin/sendmail -i -t';

    # @referers allows forms to be located only on servers which are defined     #
    # in this field.  This security fix from the last version which allowed      #
    # anyone on any server to use your FormMail script on their web site.        #

    @referers = ('',';

    # @recipients defines the e-mail addresses or domain names that e-mail can   #
    # be sent to.  This must be filled in correctly to prevent SPAM and allow    #
    # valid addresses to receive e-mail.  Read the documentation to find out how #
    # this variable works!!!  It is EXTREMELY IMPORTANT.                         #
    @recipients = &fill_recipients('',

    # ACCESS CONTROL FIX: Peter D. Thompson Yezek                                #
    # @valid_ENV allows the sysadmin to define what environment variables can    #
    # be reported via the env_report directive.  This was implemented to fix     #
    # the problem reported at              #


    I use:

    hope this helps
    LVL 10

    Expert Comment

    Actually, I just thought of what could have caused it.  The only reason the extension matters is if the apache handler for 2 extensions is different.  I'm guessing they're getting parsed by different processing agents dependent on the extension and one is doing something that isn't fully browser supported.  You'd have to ask your hosting provider if this is the case and it still wouldn't necessarily lead you to the exact cause, but if you're bored and want to dig deeper, that's one road I could see it leading to.

    Author Comment

    Thanks for your comments.

    I am quite happy to leave it now as it is working.

    I understand what you suggest, and while it makes sense between the extensions, it does not make any sense as to why it will work on some machines/networks/browsers and not others.  Maybe it is client side.  I don't know.  All I know is it is now working, and while it ain't broke, I ain't trying to fix it :D.

    But thank you for your help.  I hope this article helps someone with a similar problem (should it exist).

    Author Comment

    working on closing it - sorry - been on holiday

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    Popularity Can Be Measured Sometimes we deal with questions of popularity, and we need a way to collect opinions from our clients.  This article shows a simple teaching example of how we might elect a favorite color by letting our clients vote for …
    Both Easy and Powerful How easy is PHP? (  Very easy.  It has been described as "a programming language even my grandmother can use." How powerful is PHP?  http://en.wikiped…
    The viewer will learn how to dynamically set the form action using jQuery.
    The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now