403 response in a POST request
As part of our Firewall, we occasionally filter invalid POST requests when we detect malicious traffic to our network.
This should not cause any problems with software that uses standard HTTP POST requests to reach your website. However, if you have written a custom application, you will need to ensure that the code that performs the POST sets the appropriate Content-Length header in the request.
curl/libcurl will do this by default if you send any HTTP POST data. But if your custom code just overwrites the HTTP method to POST without setting/sending any data, this header may be missing and cause the crash.
You can easily solve this by setting this header manually, for example:
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Length: ' . strlen($fields)));
However, it may be easier to use the built-in POST fields that automatically populate this header as needed.
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);