no more posts to this group - just an update . i'll wait reply from host
Hello. Further to my $_POST woes.. with the help of A.I. we've
identified a server problem, & not coding problem...
1) ive added this at the top of my script:
$t=date("YmdHi");
$P="/PATHNAME/logs/POSTDATA-$t.txt";
$raw = file_get_contents('php://input');
file_put_contents("$P", $raw);
im getting this as raw data:-
viewaddress=909-2-2&CHANGEURL=%2Fvyb%2F&DISPLAY=ACTIONupdatestatus
however NOTHING in the $_POST or $REQUEST (also in the top of the script).
the text is a bit long - but explains what ive done. I'll wait a few
days / week for them to reply....
Text sent to (host) helpdesk:
--------------------------------------
I’m having an issue where `POST` form submissions are not being
received by my PHP scripts — despite working fine with `GET` requests.
The form submission is being sent to `/vyb/vybfrm.php`, but upon
submission, the browser ends up redirected to `/vyb/` and no `$_POST`
or `$_REQUEST` data appears at all. There are no errors or logs
generated, and `php://input` is also empty, indicating the POST body
is never delivered to the script.
**What I’ve tried so far:**
1. Renamed the script from `index.php` to `vybfrm.php` in case
mod_security was blocking POSTs to `index.php`.
2. Made the form explicitly use:
`<form action="/vyb/vybfrm.php" method="post"
enctype="application/x-www-form-urlencoded" `
3. Confirmed that `GET` requests work and deliver data properly.
4. Turned off `.htaccess` clean URL rewriting (commented out the RewriteRule).
5. Added the following to `.htaccess` without any error:
```apache
<IfModule mod_security.c
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule
```
6. Added diagnostic output using `file_get_contents('php://input')`
at the start of the script to capture raw POST body, but this also
returns empty when POSTs fail.
**Environment Info (from phpinfo):**
- PHP Version: 7.4.10
- Server: Linux walcustweb1306.int.bizland.net (Apache with CGI/FastCGI)
- `post_max_size`: 50M
- `enable_post_data_reading`: On
**My questions for your technical team:**
1. Could there be any **mod_security** or **WAF rules** that might
block POST submissions or silently redirect to the directory (`/vyb/`)
instead of the script?
2. Has there been any recent change in your mod_security rules, WAF
behavior, or PHP/Apache configuration that might cause this?
3. Are there any logs on your end that would indicate why a POST to
`/vyb/vybfrm.php` might be dropped or redirected?
4. Is there a way to whitelist this path or script
(`/vyb/vybfrm.php`) from POST filtering?
5. Could any internal redirect/rewrite rules override the `.htaccess`
settings in this subdomain?
I'd really appreciate if you could check whether POST requests are
being blocked or redirected before they reach the script, and let me
know if there’s a workaround or if this needs an internal allowlist
rule.
Many thanks in advance for your help!
-------------------
(end text)
Did further tests and extra text added onto my ticket / request:-
---------------------
**Update:** I've confirmed that my PHP script is receiving raw
POST data via `php://input`, but the `$_POST` and `$_REQUEST`
superglobals are remaining completely empty. This suggests that
something is interfering *after* the raw data is received but *before*
PHP can parse it into superglobals. I'm now logging that raw input to
verify it's being received.
I've also noticed that some log files are being created in the
`/subdomains/animals/htdocs/vyb/logs/` directory with names like:
`viewaddress=909-2-2&CHANGEURL=%2Fvyb%2F&DISPLAY=ACTIONupdatestatus`
This looks like POST data is being treated as part of the URL or
filename — possibly due to a security module or rewrite
misinterpretation.
Please confirm:
1. Is `mod_security` (or similar) active on my account or domain?
2. Have there been any recent changes to mod_security rules or
server-side behavior in the past few weeks?
3. Is there a whitelist or rule adjustment that can be made to
allow standard POST submissions (application/x-www-form-urlencoded) to
`/vyb/` or `/vyb/index.php`?
---------------------
(end text)
--
Gordon.
