#StackBounty: #urls #parameter HTTP 403 Error when passing parameters to URL

Bounty: 100

Our website uses WordPress. When we visit URL https://www.datanumen.com/outlook-repair/?utm_source=adword via browser such as Chrome and FireFox, we can see everything is fine. However, Google Ads reports "Destination not working" error for the URL and the detailed info shows "HTTP error 403".

After consulting Google Experts, they use https://httpstatus.io/ and find https://www.datanumen.com/outlook-repair/?utm_source=adword will return 403 code.

However, if removing the parameters from the URL, then the URL https://www.datanumen.com/outlook-repair/ will return 200 code.

So it seems the parameters in the URL make it return 403 code for bot-like access.

We find a similar post WordPress 403 issue when passing parameters in the URL, but we do not Cerber Security Plugin installed. We use WordFence Premium. We try to disable the WordFence, but the problem still exist.

We try another URL https://www.datanumen.com/outlook-repair-order/?utm_source=adword and it returns 200.
The only difference between it and https://www.datanumen.com/outlook-repair/?utm_source=adword is that the latter is a custom post and we using Yoast SEO to remove the category from the permalink. So it seems the problem comes from that. But we don’t know the accurate reason. And we have to remove the category from the permalink based on our company’s requirement.

So, how to solve this problem?

Update:

I check the raw access log and find the following related lines:

173.212.203.156 – – [22/Jun/2020:17:32:55 -0700] "HEAD /outlook-repair/?utm_source=adword HTTP/1.1" 403 – "https://www.datanumen.com/outlook-repair/?utm_source=adword" "WordPress/5.3.4; https://newproxylists.com"

173.212.203.156 – – [22/Jun/2020:17:32:56 -0700] "GET /outlook-repair/?utm_source=adword HTTP/1.1" 403 18394 "https://www.datanumen.com/outlook-repair/?utm_source=adword" "WordPress/5.3.4; https://newproxylists.com"


Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.