I am creating an iOS application which allows users to send image/text data to my webserver via a POST request. I am successfully sending POSTs to the server when image data is not included in the request. Any time I POST with image data the server spits back a 403 forbidden
. I have tried adding the following to the .htaccess file in the directory of the script with no luck:
Options +Indexes FollowSymLinks +ExecCGI
Order allow,deny
Allow from all
Web browsers and Android devices can successfully POST with image data to the script, the only device which cannot is the iPhone.
POSTing with data to other hosting providers works as expected - it is just this host (ipowerweb.com).
I noticed that when I try to POST with data to any script on the server it returns a 403 forbidden
. Another note: I can successfully post to another server that is hosted by ipowerweb, but mine can't seem to handle it.
My host has tried to resolve the issue but cannot, and they have marked it on their end as "resolved", so no more help from them. I wish to keep this host as moving would be a pain - I will change hosts as a last resort, so please help me!
Why am I getting this 403 forbidden error only when I submit data via my iPhone application?
How can I resolve the issue so I can successfully POST data?
Any advice on what I can do would be greatly appreciated.
edit: as request, here are the response headers:
{
Connection = close;
"Content-Length" = 217;
"Content-Type" = "text/html; charset=iso-8859-1";
Date = "Wed, 12 Jan 2011 19:11:19 GMT";
Server = "Apache/2";
}
edit: as request here are the request headers(oops):
{
"Accept-Encoding" = gzip;
"Content-Length" = 5781;
"Content-Type" = "multipart/form-data; charset=utf-8; boundary=0xKhTmLbOuNdArY";
"User-Agent" = "YeahIAteThat 1.0 (iPhone; iPhone OS 4.2.1; en_US)";
}
What happens if, as a test, you change the first part of your User-Agent header from "YeahIAteThat 1.0" to something typical like "Mozilla/5.0"?
could this be because mod_security installed and is rejecting the POST operation (because of a rule ?)
Could it be that you are posting to a address that is returning a redirect? So for example if you had http://example.com/directory the server would redirect your client to http://example.com/directory/ and the payload of the post request does normally not get 're-sent' to the new destination ...