Hi,
We have just upgraded from classic 6.3 to threads v7.2, and we keep getting an error message saying that the users ip/host appears to be invalid or that it could be a firewall issue.
They can only post, if they go into the my cookies, expire the cookies and try to log back in try to post again, sometimes it works on the first attempt at doing this, sometimes on the second.. sometimes it is on their second post...
is it something in my settings that needs changing?
TIA
Claire

Could be a couple of things... Some Anti-Virus, Firewalls, or Internet Security Suites block the referrer value and should be disabled on the users machine. You can disable this security check in the control panel, however it isn't recommended. You should also be sure all posible urls that users can login or post from are in the tracking box in the control panel (including the www and non www versions of any domains that you use).

This is the actual error message.
The host from which you are accessing the board is not recognized as a valid host. This is more than likely related to a firewall issue that is blocking the referer variable. Check your firewall settings and try again.

I have posted about 5 messages on my board, then had to go and change something in my profile and on the control panel, went back to the board to add another reply and got this message again.

I have had emails from most of my regular members and they all get this error, surely we should not have to disable firewall settings just to be able to post, and why was i able to post before on the board, and suddenly not now... (well not without clearing the cookie setting on the board?)

The firewall setting is to not send a referrer variable, which is critical to spam prevention (as one can spoof a post to post to your forum without having to be posted from a valid location wihtout it)...

It can be more than jsut that, there is one thing to check before disabling the referrer check (if you want to nerf that security protection that is).

First, check to be sure ALL of your domains are in the allowed referrers:
CP -> Master Settings -> Primary Settings -> Advanced Options -> Domains for HTTP Referrer Check. Example:


That setting CAN cause the above error when a user is logged in and posting from the "non-www" version of your url when it isn't allowed in the check.

If you want to disable the check (which I would never recommend) then you can de-tick: "Disable HTTP Referer Check?"

The option in a firewall to block referrer variables isn't really a security setting, it's there to "protect privacy" by not forwarding referrers so that you can't be "traced" online, however the referrer check utilizes this variable to validate you're posting from an allowed host (as in one of the hosts which are in the allowed hosts box).

Thanks,

have re-inputted this bit.
> First, check to be sure ALL of your domains are in the allowed referrers:
CP -> Master Settings -> Primary Settings -> Advanced Options -> Domains for HTTP Referrer Check. Example:

and it now seems to be behaving itself.

thanks again!

Yes, a common mistake is people forgetting that users can browse their site both with and without "www", so only one gets entered, and users can sometimes trollup in with the other...

Myself, I have a .htaccess rule which forwards all non-www requests to www, so i just have my http and https links entered (I have a self signed ssl certificate and have the forums enabled to fully process ssl users)

When I get time I think I'll have to review this further. Links sent by people to my e-mail to complain about something get this error when I click on the link and I have the referrer set already.

The e-mails go to a Hotmail account and it doesn't like them.

.

I've had hotmail completely refuse to accept emails from time to time for absolutely no reason lol

I don't have a problem getting the e-mail but when I click on the link I get the same error being reported here that it can't continue as though the referrer or session is wrong.

what's the link it gives you?