|
Joined: Nov 2006
Posts: 173
member
|
member
Joined: Nov 2006
Posts: 173 |
this is the second user with this 'firewall' problem i have had since i changed to version 7 two days ago. any clues whats up?
Hi Marty, All of the sudden this evening I started to get this error message (below) when attempting to post or PM someone. No firewall changes on my end. Thanks for any insight you may be able to offer. DB -Quote- "We cannot proceed. The host from which you are accessing the board is not recognized as a valid host. This is more than likely related to a firewall issue that is blocking the referer variable. Check your firewall settings and try again." -Unquote-
|
|
|
|
Joined: Nov 2006
Posts: 173
member
|
member
Joined: Nov 2006
Posts: 173 |
more on above situation
Hi Marty, FYI, reset firewall to no protection and still had the problem. Also, when I pull up a reply box or a PM form, the status message in the bottom of window always says "error on page" or "done with errors" for whatever it's worth...... then nothing happens when I try to send or I get the errore message as mentoined above...
|
|
|
|
Joined: Jun 2006
Posts: 16,367 Likes: 126
|
Joined: Jun 2006
Posts: 16,367 Likes: 126 |
Also, ask them to copy the url they're using when trying to post, it's possible that they're using a "non-www" version of your URL and it's not setup to accept posts from the control panel. Re-Iterration, these are differant URLs and both need to be in the "accepted hosts" for your site.: http://ubbcentral.com/https://www.ubbcentral.com/
|
|
|
|
Joined: Nov 2006
Posts: 173
member
|
member
Joined: Nov 2006
Posts: 173 |
Disabling HTTP Referer Check fixed it. should i test it with the 'www' added into the accepted hosts?
what is the downside to turning off http referrer check?
|
|
|
|
Joined: Aug 2006
Posts: 1,649 Likes: 1
Pooh-Bah
|
Pooh-Bah
Joined: Aug 2006
Posts: 1,649 Likes: 1 |
Turning off the http referrer check won't guarantee that forms submitted came from your site(s) only.
In Control Panel » Primary Settings » Advanced Options » Domains for HTTP Referrer Check: Add both domains as shown in the example and try enabling the referrer check again and see if that does it...
GangsterBB.NET (Ver. 7.6.1.1) PHP Version 5.6.40 / MySQL 5.7.23-23 (was 5.6.41-84.1) / Apache 2.4.54 2007 Content Rulez Contest - Hon Mention UBB.classic 6.7.2 - RIP
|
|
|
|
Joined: Nov 2006
Posts: 173
member
|
member
Joined: Nov 2006
Posts: 173 |
ok thanks appreciate the help
|
|
|
|
Joined: Jun 2006
Posts: 16,367 Likes: 126
|
Joined: Jun 2006
Posts: 16,367 Likes: 126 |
Turning off the http referrer check won't guarantee that forms submitted came from your site(s) only. "Spam" is the "danger", it is not recommeded to ever disable the httpd referrer check. And yes, you should try it with both the www and non-www in there, i have multiple as: http://www.undergroundnews.com|http://www.undergroundnews.net|http://www.undergroundnews.org I don't allow users to access my site without a "www" on the domain, you could update it as: http://www.undergroundnews.com|http://undergroundnews.com
|
|
|
|
Joined: Jul 2006
Posts: 4,057
|
Joined: Jul 2006
Posts: 4,057 |
I have 1 member that reported back to me that he can not see uploaded images ?
Do i need to include the sub domain that the images are uploaded it in the reffer check ?
www.mydomain.com|www.images.mydomain.com
Its a strange problem, as he say's it only our site that he has issues with viewing images on the sub domian. (Uploads) Any images on the main domain show fine ? It has been going on since 7.0 and i enabled the upload and switched the directory too the subdomain.
Any idea's - about the reffer check what should i put in there? I do have the main domain listed currently.
BOOM !! Version v7.6.1.1 People who inspire me Isaac ME Gizmo
|
|
|
|
Joined: Jun 2006
Posts: 16,367 Likes: 126
|
Joined: Jun 2006
Posts: 16,367 Likes: 126 |
The referrer check is only for sites authorised to POST content on your forums; do you have any type of hotlink protction setup for your site?
|
|
|
|
Joined: Jul 2006
Posts: 4,057
|
Joined: Jul 2006
Posts: 4,057 |
So i dont have to add the subdomain in the referrer.
No i dont have any Hotlink protection.
Its weired, i'm blaming his firewall settings,
Ive asked him for all the info he can give me before we start chasing a wild goose chase,
For now : Should i add my subdomin to the reffer check ?
BOOM !! Version v7.6.1.1 People who inspire me Isaac ME Gizmo
|
|
|
|
Joined: Apr 2006
Posts: 144
Member
|
Member
Joined: Apr 2006
Posts: 144 |
I have several users in this situation. They've disabled their firewall and looked for anything that would prevent the referrer. Some are computer illiterate.. so it's an uphill (and very frustrating) battle. And yes, I have both www and non-www in the allowed domains input. My community is starting to mutiny over all the issues. They want UBB.c back.
Stress the system until it breaks. Hey.. it works for Spacecraft.. why not here? UBB since 1999: MonteCarloSS.com
|
|
|
|
Joined: Aug 2006
Posts: 1,649 Likes: 1
Pooh-Bah
|
Pooh-Bah
Joined: Aug 2006
Posts: 1,649 Likes: 1 |
You could turn off the referrer check and see if that clears up the problems. Rick said Threads was probably the only forum software to use it, so while a nice feature, it's not critical...
GangsterBB.NET (Ver. 7.6.1.1) PHP Version 5.6.40 / MySQL 5.7.23-23 (was 5.6.41-84.1) / Apache 2.4.54 2007 Content Rulez Contest - Hon Mention UBB.classic 6.7.2 - RIP
|
|
|
|
Joined: Jul 2006
Posts: 4,057
|
Joined: Jul 2006
Posts: 4,057 |
I have an external Login Problems page, which links them to Nortons Web Site Adding Trusted Sites - Click Me Its more to do with Parental Control if enabled. Hope that helps... -------------- Anyone - should i add my subdomain to the reffer ? See posts above.
BOOM !! Version v7.6.1.1 People who inspire me Isaac ME Gizmo
|
|
|
|
Joined: Jun 2006
Posts: 9,242 Likes: 1
Former Developer
|
Former Developer
Joined: Jun 2006
Posts: 9,242 Likes: 1 |
If the referer check is causing major issues, go ahead and turn it off. The check itself isn't foolproof as it relies on the referer variable. It basically is a bit of an attemp to help with spammers, but most good spammers can spoof the referer variable anyways.
|
|
|
|
Joined: Apr 2006
Posts: 144
Member
|
Member
Joined: Apr 2006
Posts: 144 |
I guess I'm confused at what the referrer check is trying to attempt. Don't the scripts check to see if the 'entity' trying to post is logged in with a valid user ID and password? Isn't that enough to quell spammers?
Stress the system until it breaks. Hey.. it works for Spacecraft.. why not here? UBB since 1999: MonteCarloSS.com
|
|
|
|
Joined: Jun 2006
Posts: 9,242 Likes: 1
Former Developer
|
Former Developer
Joined: Jun 2006
Posts: 9,242 Likes: 1 |
Basically the referer check tries to make sure addpost is being called from the newpost/newreply script on your server. A true spammer wouldn't actually fill out the newpost/newreply forms. They'd look and see what fields are necessary to pass to the addpost script and write their own spam script that would just pass those variables totally bypassing the forms. Normally, when a user is browsing your forum, each request they make comes with a referer variable that shows where they are coming from. A common script kiddie might try and write a spam script but not know how to spoof the referer variable, so that would spoil their attempt. Someone that has a bit more knowledge would know how to do it properly, so it wouldn't stop them. That's why I say it's not foolproof. It prevents the boneheads from spamming, but not the smart ones
|
|
|
|
Joined: Jun 2006
Posts: 9,242 Likes: 1
Former Developer
|
Former Developer
Joined: Jun 2006
Posts: 9,242 Likes: 1 |
And you are correct in that if all your forums require people to be logged in to post, then the referer check holds even less value as they need to actually be online to post and can't really do a remote script.
|
|
|
|
Joined: Jun 2006
Posts: 16,367 Likes: 126
|
Joined: Jun 2006
Posts: 16,367 Likes: 126 |
For now : Should i add my subdomin to the reffer check ? The referrer check is only for domains which are allowed to make posts to your forum; unless you have another forum setup at that subdomain and want it to be able to post to your main ubb.threads install, you don't need it added to the referrer check. I have several users in this situation. They've disabled their firewall and looked for anything that would prevent the referrer. Some are computer illiterate.. so it's an uphill (and very frustrating) battle. And yes, I have both www and non-www in the allowed domains input. My community is starting to mutiny over all the issues. They want UBB.c back. Theres several things that can be at issue, not just a firewall; some people have "Internet Security Suites", Virus Scanners, and (usually) firewall's that can block items; keep in mind too that some people have no clue what they're doing and have their kids do everything for them, so that may also be an issue (whos to say their kid installed something and they have no clue its even there). You could turn off the referrer check and see if that clears up the problems. Rick said Threads was probably the only forum software to use it, so while a nice feature, it's not critical... While turning this off to test is a great idea, imo keeping it off is a spam risk (which it was added to halt the spam issues that a lot of people, including me in UBB.C, where having). Rick has pretty much explained everything though ...
|
|
|
2 members (Ruben, SenecaFlyer),
929
guests, and
67
robots. |
Key:
Admin,
Global Mod,
Mod
|
|
|
|