Title: GET requests with empty variables causes 403 errors
Last modified: August 20, 2016

---

# GET requests with empty variables causes 403 errors

 *  [computerslayer1](https://wordpress.org/support/users/computerslayer1/)
 * (@computerslayer1)
 * [13 years, 7 months ago](https://wordpress.org/support/topic/get-requests-with-empty-variables-causes-403-errors/)
 * I noticed that if I used the search field without entering any keywords, I got
   a 403 error.
 * The search form resulted in a GET request, but with an empty query value. For
   example:
 * `http://example.org/?s=`
    or `http://example.org/?s=test&page=`
 * It appears that the generated htaccess rule is causing the issue:
 * `RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|"|;|\?|\*|=$).* [NC,OR]`
 * Is this unintentional or by design?
 * [http://wordpress.org/extend/plugins/better-wp-security/](http://wordpress.org/extend/plugins/better-wp-security/)

Viewing 3 replies - 1 through 3 (of 3 total)

 *  [matiyin](https://wordpress.org/support/users/matiyin/)
 * (@matiyin)
 * [13 years, 5 months ago](https://wordpress.org/support/topic/get-requests-with-empty-variables-causes-403-errors/#post-3139906)
 * great find! I have the same issue, thanks for posting a solution!
 * I’m using a function to override empty searches with a ‘space’ to prevent routing
   to home, but indeed in webkit it results in an error because the string is empty
 * why not in firefox? no idea…
 *  [MickeyRoush](https://wordpress.org/support/users/mickeyroush/)
 * (@mickeyroush)
 * [13 years, 5 months ago](https://wordpress.org/support/topic/get-requests-with-empty-variables-causes-403-errors/#post-3139907)
 * You should really try to control that within the theme itself. For example, the
   word “search” could already be placed in the search box, so if a user just clicks
   the search button it will use the default word of “search”. You really don’t 
   want spaces in a URL. That’s a good sign of a malicious attack.
 *  [matiyin](https://wordpress.org/support/users/matiyin/)
 * (@matiyin)
 * [13 years, 5 months ago](https://wordpress.org/support/topic/get-requests-with-empty-variables-causes-403-errors/#post-3139908)
 * indeed, I’ve added a jquery validation check and just return an alert to the 
   user to insert something in the empty search box:
 *     ```
       $('#searchsubmit').click(function(){
       		var searchVal = $("#s").val();
       		if(searchVal == '') {
       		alert("Please enter a search term");
       		return false; }
       	});
       ```
   
 * Strangely enough Firefox doesn’t give a 403 like webkit does.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘GET requests with empty variables causes 403 errors’ is closed to new
replies.

 * ![](https://ps.w.org/better-wp-security/assets/icon.svg?rev=3529351)
 * [Kadence Security – Password, Two Factor Authentication, and Brute Force Protection](https://wordpress.org/plugins/better-wp-security/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/better-wp-security/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/better-wp-security/)
 * [Active Topics](https://wordpress.org/support/plugin/better-wp-security/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/better-wp-security/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/better-wp-security/reviews/)

 * 3 replies
 * 3 participants
 * Last reply from: [matiyin](https://wordpress.org/support/users/matiyin/)
 * Last activity: [13 years, 5 months ago](https://wordpress.org/support/topic/get-requests-with-empty-variables-causes-403-errors/#post-3139908)
 * Status: not resolved