|
Joined: Jan 2007
Posts: 3
stranger
|
stranger
Joined: Jan 2007
Posts: 3 |
Hi, We have just upgraded from classic 6.3 to threads v7.2, and we keep getting an error message saying that the users ip/host appears to be invalid or that it could be a firewall issue. They can only post, if they go into the my cookies, expire the cookies and try to log back in try to post again, sometimes it works on the first attempt at doing this, sometimes on the second.. sometimes it is on their second post... is it something in my settings that needs changing? TIA Claire
|
|
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116
|
Joined: Jun 2006
Posts: 16,299 Likes: 116 |
Could be a couple of things... Some Anti-Virus, Firewalls, or Internet Security Suites block the referrer value and should be disabled on the users machine. You can disable this security check in the control panel, however it isn't recommended. You should also be sure all posible urls that users can login or post from are in the tracking box in the control panel (including the www and non www versions of any domains that you use).
|
|
|
|
Joined: Jan 2007
Posts: 3
stranger
|
stranger
Joined: Jan 2007
Posts: 3 |
This is the actual error message. The host from which you are accessing the board is not recognized as a valid host. This is more than likely related to a firewall issue that is blocking the referer variable. Check your firewall settings and try again.
I have posted about 5 messages on my board, then had to go and change something in my profile and on the control panel, went back to the board to add another reply and got this message again.
I have had emails from most of my regular members and they all get this error, surely we should not have to disable firewall settings just to be able to post, and why was i able to post before on the board, and suddenly not now... (well not without clearing the cookie setting on the board?)
|
|
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116
|
Joined: Jun 2006
Posts: 16,299 Likes: 116 |
The firewall setting is to not send a referrer variable, which is critical to spam prevention (as one can spoof a post to post to your forum without having to be posted from a valid location wihtout it)... It can be more than jsut that, there is one thing to check before disabling the referrer check (if you want to nerf that security protection that is). First, check to be sure ALL of your domains are in the allowed referrers: CP -> Master Settings -> Primary Settings -> Advanced Options -> Domains for HTTP Referrer Check. Example: http://www.undergroundnews.com|http://www.undergroundnews.net|http://www.undergroundnews.org|https://www.undergroundnews.com|https://www.undergroundnews.net|https://www.undergroundnews.org That setting CAN cause the above error when a user is logged in and posting from the "non-www" version of your url when it isn't allowed in the check. If you want to disable the check (which I would never recommend) then you can de-tick: "Disable HTTP Referer Check?" The option in a firewall to block referrer variables isn't really a security setting, it's there to "protect privacy" by not forwarding referrers so that you can't be "traced" online, however the referrer check utilizes this variable to validate you're posting from an allowed host (as in one of the hosts which are in the allowed hosts box).
|
|
|
|
Joined: Jan 2007
Posts: 3
stranger
|
stranger
Joined: Jan 2007
Posts: 3 |
Thanks,
have re-inputted this bit. > First, check to be sure ALL of your domains are in the allowed referrers: CP -> Master Settings -> Primary Settings -> Advanced Options -> Domains for HTTP Referrer Check. Example:
and it now seems to be behaving itself.
thanks again!
|
|
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116
|
Joined: Jun 2006
Posts: 16,299 Likes: 116 |
Yes, a common mistake is people forgetting that users can browse their site both with and without "www", so only one gets entered, and users can sometimes trollup in with the other...
Myself, I have a .htaccess rule which forwards all non-www requests to www, so i just have my http and https links entered (I have a self signed ssl certificate and have the forums enabled to fully process ssl users)
|
|
|
|
Joined: Nov 2006
Posts: 3,095 Likes: 1
Carpal Tunnel
|
Carpal Tunnel
Joined: Nov 2006
Posts: 3,095 Likes: 1 |
When I get time I think I'll have to review this further. Links sent by people to my e-mail to complain about something get this error when I click on the link and I have the referrer set already.
The e-mails go to a Hotmail account and it doesn't like them.
.
|
|
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116
|
Joined: Jun 2006
Posts: 16,299 Likes: 116 |
I've had hotmail completely refuse to accept emails from time to time for absolutely no reason lol
|
|
|
|
Joined: Nov 2006
Posts: 3,095 Likes: 1
Carpal Tunnel
|
Carpal Tunnel
Joined: Nov 2006
Posts: 3,095 Likes: 1 |
I don't have a problem getting the e-mail but when I click on the link I get the same error being reported here that it can't continue as though the referrer or session is wrong.
|
|
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116
|
Joined: Jun 2006
Posts: 16,299 Likes: 116 |
what's the link it gives you?
|
|
|
|
Joined: Nov 2006
Posts: 3,095 Likes: 1
Carpal Tunnel
|
Carpal Tunnel
Joined: Nov 2006
Posts: 3,095 Likes: 1 |
seemed normal but don't have anymore. Deleted it. Will check more next time maybe
|
|
|
|
Joined: Oct 2006
Posts: 12
stranger
|
stranger
Joined: Oct 2006
Posts: 12 |
Please clarify. Is the Referer disabled when there is a tick or when there isn't a tick? If you want to disable the check (which I would never recommend) then you can de-tick: "Disable HTTP Referer Check?"
|
|
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116
|
Joined: Jun 2006
Posts: 16,299 Likes: 116 |
'eh when its' TICKED the referrer check is disabled, I made the post then copy and pasted it
|
|
|
|
Joined: Apr 2007
Posts: 120
member
|
member
Joined: Apr 2007
Posts: 120 |
Could we get this added to the documentation?
Should be an easy thing, if you're using the step by step process to get running, but sounds absolutely necessary.
(although I fully admit it's well explained in the control panel, it's just that I had no clue what a "referrer" actually was... maybe you should add the term "host header"?)
Last edited by Andrew Bienhaus; 04/13/2007 4:05 PM.
...usin' da classic UBB, since the beginning of time.
|
|
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116
|
Joined: Jun 2006
Posts: 16,299 Likes: 116 |
That's what the search option here is for ... But I do agree that a user manual needs worked on, but i don't think it has to go in debth for every issue when the search option here will help with just about any problem one can come accross...
|
|
|
|
Joined: May 2006
Posts: 243 Likes: 1
Enthusiast
|
Enthusiast
Joined: May 2006
Posts: 243 Likes: 1 |
Could be a couple of things... Some Anti-Virus, Firewalls, or Internet Security Suites block the referrer value and should be disabled on the users machine. You can disable this security check in the control panel, however it isn't recommended. You should also be sure all posible urls that users can login or post from are in the tracking box in the control panel (including the www and non www versions of any domains that you use). I have both the www and non-www versions of my board set in the control panel, and I had a bad link in the old Classic board's redirection script that is fixed. Everyone seems to be using the board ok, except for one. I have one member trying to connect from a US EPA T1 line that he says is "fairly secure", and gets that firewall message every time he tries to post. He was using Internet Explorer, and has just now downloaded and installed Firefox, and the Firefox connection gave him the same message. Can anyone give me some recommendations to try? EDIT: More info: He can post using a collegue's computer in the same office. So it is only his computer. He has cleared the cache in IE. But why would a brand-new Firefox have the same problem??? Actually, clearing the IE cache... Tools, Internet Options, Content, Clear SSL State. Is there any other? I see IE has a Security tab. Not sure what his setting is.
Last edited by Steve C; 05/01/2007 5:40 PM.
|
|
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116
|
Joined: Jun 2006
Posts: 16,299 Likes: 116 |
Likely it's a software issue, as in a software firewall, or virus scanner, or internet security suite... Something there should have an option which states "block referral variable" which is the culprit, something isn't allowing it to pass data as a "security" feature...
|
|
|
|
Joined: May 2006
Posts: 243 Likes: 1
Enthusiast
|
Enthusiast
Joined: May 2006
Posts: 243 Likes: 1 |
Thanks for the help, Gizmo. I passed your message along to the user, and he was able to post after disabling his Symantec security application. When he called me to report his success, I asked about the "referral variable" option, and he said he would poke around and look for it.
|
|
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116
|
Joined: Jun 2006
Posts: 16,299 Likes: 116 |
Yeh, see, I dont' like these types of utilities... They sacrifice Server/Service Security, for a piddly assumption of "user security" blocking the last page he's been on? Just doesn't make sense how that's security; especially when it ultimately disables their "ease of use" of web applications and the security of spam checking...
|
|
|
|
Joined: May 2006
Posts: 579
addict
|
addict
Joined: May 2006
Posts: 579 |
I have a lot of users who get that exact message, and can't post. I've narrowed down the problem, and I even have the issue in my trouble-shooting section. Here's what I tell users: When you try to post a new topic, or make a reply, you get the following message or similar: "The host you are trying to send the input from is not a valid host." This means you have changed something on your local PC that effects security settings. Most commonly this means that you have installed or modified settings in either the Norton or Zone Alarm firewalls, although it may also mean that your browser security settings are too aggressive.
To test, turn off any firewalls you may have running, and try posting again. If you can post successfully, then you will need to change the security settings of your firewall. More often than not, it's either Norton or Zone Alarm, and as soon as users turn off those firewalls, they are able to post. Gizmo is right about the referrer checks - Norton and Zone Alarm are real funky about that.
|
|
|
|
Joined: Dec 2003
Posts: 1,796
Pooh-Bah
|
Pooh-Bah
Joined: Dec 2003
Posts: 1,796 |
Ask them to add the site to their safe sites list - fixes the problem and they get to keep their firewall intact.
|
|
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116
|
Joined: Jun 2006
Posts: 16,299 Likes: 116 |
More often than not it's Norton Internet Security; you can disable the checks through your control panel, and some members say that if you're not experiencing spam through alternate referrals theres no point of having it on; myself, I don't like the idea of nerfing security on my forum because a user's security suite is going haywire with beefing security...
|
|
|
|
Joined: Jun 2006
Posts: 811
old hand
|
old hand
Joined: Jun 2006
Posts: 811 |
Myself, I have a .htaccess rule which forwards all non-www requests to www, so i just have my http and https links entered (I have a self signed ssl certificate and have the forums enabled to fully process ssl users) Thanks for the tip.
|
|
|
Bots
by Outdoorking - 04/13/2024 5:08 PM
|
|
|
|
|
|
1 members (Nightcrawler),
737
guests, and
131
robots. |
Key:
Admin,
Global Mod,
Mod
|
|
|
|