Re: INFO: Bad HTTP_REFERER

First of all, you really should consider disabling Norton Internet Security before disabling the referer check in PunBB. However, if you insist on disabling it, here's how.

Replace confirm_referer with the following piece of code:

function confirm_referer($script)
{
    // Do nothing
}

Then, in admin_options.php, look for:

// Lazy referer check (in case base_url isn't correct)
if (!preg_match('#/admin_options\.php#i', $_SERVER['HTTP_REFERER']))
    message($lang_common['Bad referer'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.');

and remove it.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

52 (edited by AznCFrk 2004-04-24 00:40)

Re: INFO: Bad HTTP_REFERER

I think protecting my computer would be more important than protecting my forums.

53

Re: INFO: Bad HTTP_REFERER

AznCFrk wrote:

I think protecting my computer would be more important than protecting my forums.

Agreed. But there are far better ways of doing it that using Norton Internet Security. In any case, hiding the referrer isn't really a security issue, just a privacy one, and not very important at that.

From what I remember NIS allows you to set up rules for specific sites so it could be set up to allow referrer information for your forum but not for any other sites. I think it's under "Web Rules" somewhere.

54 (edited by AznCFrk 2004-04-24 03:48)

Re: INFO: Bad HTTP_REFERER

Paul wrote:
AznCFrk wrote:

I think protecting my computer would be more important than protecting my forums.

Agreed. But there are far better ways of doing it that using Norton Internet Security. In any case, hiding the referrer isn't really a security issue, just a privacy one, and not very important at that.

From what I remember NIS allows you to set up rules for specific sites so it could be set up to allow referrer information for your forum but not for any other sites. I think it's under "Web Rules" somewhere.

I can't find it.  BTW, I'm using NIS 2003, and it's not Professional, so I guess its home or whatever.

55

Re: INFO: Bad HTTP_REFERER

Lovely URLs. If they (probably) don't work search Symantec's site for the article titles:

Passing referrer information to specific Web pages in Norton Internet Security? and Norton Personal Firewall? 2002 and earlier
http://service1.symantec.com/SUPPORT/su … de00518df1

Passing referrer information to specific Web pages in Norton Internet Security? and Norton Personal Firewall? 2003 and 2004

http://service1.symantec.com/SUPPORT/ni … 6b006a85a8

56

Re: INFO: Bad HTTP_REFERER

or... just open Norton Personal Firewall and turn off the privacy control big_smile

57

Re: INFO: Bad HTTP_REFERER

I haven't got an answer. I get the Bad HTTP_REFERER problems, when trying to update a profile.
base URL is: http://socio.msk.ru/forum
And the error is when i try to update profile from http://www.socio.msk.ru/forum
The solution to use the address without "www" is a very bad one, because for users these two URLs are identical. Some type the address with "www", others without "www". The problems is then how to make punbb consider two URLs (with "www" and without) identical. For example, to add somewhere an logical OR... I don't know, but the problem must be solved.

Re: INFO: Bad HTTP_REFERER

GAVR: Try this. Also, please note that the referer check only applies to moderators and admin. All other users are unaffected.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

59

Re: INFO: Bad HTTP_REFERER

Rickard
Thanks, it works great!

60

Re: INFO: Bad HTTP_REFERER

Hm... I get the following when I replace the referrer check with a dump:

"http://forums.farm-garden.com/admin_categories.php"

""

My base URL is forums.farm-garden.com and I have the site bookmarked. I haven't been in the Admin section for awhile but I have made many edits from within the Admin area and they all worked fine. It seems this problem only arose recently.

Re: INFO: Bad HTTP_REFERER

lorax: For some reason your HTTP_REFERER is cleared. Are you running Norton Personal Firewall and Kerio Personal Firewall or maybe some other "security" app that might interfere? In that case, try disabling it and see if it helps. If you're running Norton, see the links by "Concerned party" a few posts above this one.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

62

Re: INFO: Bad HTTP_REFERER

Thanks Rickard,
I am running ZoneAlarm and disabled it as a test. No change. I am also running a Linksys Router/Firewall - which I have not disabled/tested yet. The odd part about this is that the Admin section was working fine a few months ago when I did the initial setup. I'll take the router out of the equation too just to be sure and will report back later.

63 (edited by ThoR 2004-07-20 11:23)

Re: INFO: Bad HTTP_REFERER

I have a different problem:
An error was encountered
Error: Unable to fetch category/forum list.

( http://130.243.43.96/vwar/forum/index.php )

Any ideas?
I havn't been able to set up any category's or forums...

Re: INFO: Bad HTTP_REFERER

ThoR: I can't see how that applies to the HTTP_REFERER error, but enable DEBUG mode and try again. Then we'll get a more detailed error message.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

65

Re: INFO: Bad HTTP_REFERER

OK, first I'm very sorry for posting in wrong thread...

Second: The new error is:
An error was encountered
File: /var/www/vwar/forum/index.php
Line: 58

PunBB reported: Unable to fetch category/forum list
Database reported: Unknown column 'c.cat_name' in 'field list' (Errno: 1054)

66 (edited by lorax 2004-07-20 21:18)

Re: INFO: Bad HTTP_REFERER

DOH!

Well - my issue had nothing to do with a firewall but everything to do with my Opera browser. The day before I posted I had unchecked referrer logging in the Options for Opera. It dawned on me that might be the issue and so I turned it back on today and voila - works like a champ. Thanks for listening!

Re: INFO: Bad HTTP_REFERER

hello,  i recently installed Norton Pers. Firewall and Systemworks 2004.  now i get the error message " can't find HTTP_REFERER" when i try to delete 3-mail.  my broadband ISP is comcast.net.

i am not a programmer, but did have some training 10 years ago (C++, etc).  i need advice/help in solving this issue but PLEASE keep it fairly sinple or explain things simply if possible.

thanks DLS

Re: INFO: Bad HTTP_REFERER

sportsmandl: Did you even read the first post in this topic?

"Programming is like sex: one mistake and you have to support it for the rest of your life."

69 (edited by phrog 2004-08-19 21:45)

Re: INFO: Bad HTTP_REFERER

When I log in as admin and go to admin/options or other admin features I get this:

Bad HTTP_REFERER. You were referred to this page from an unauthorized source. Please go back and try again. If the problem persists please make sure that 'Base URL' is correctly set in Admin/Options and that you are visiting the forum by navigating to that URL.

---

PunBB 1.1.5
WIN32
PHP 5.0.1
MySQL 4.0.20a

Base URL: http://00.000.000.00/bbs

I enter PunBB through http://00.000.000.00/bbs (keeping IP private for obvious reasons)

I am not using a firewall or any anti-popup type software, the only icon in my system tray is the dialup icon. CTRL-ALT-DEL shows all that is running is the server software (apache/mysql), systray and explorer. I have nothing blocking HTTP referer. I am using Firefox with the popup option in it turned off but with Javascript and Cookies enabled.

Also I am not behind a router, hub or any other hardware. Just a direct connection to the net via dialup.

What am I doing wrong?

70 (edited by Frank H 2004-08-19 21:53)

Re: INFO: Bad HTTP_REFERER

on the admin page, click the php info and see what it says on _SERVER["HTTP_REFERER"]
(I think you still can see this, even if baseurl is wrong)

(it should be your baseurl + "/admin_index.php" )

71 (edited by phrog 2004-08-20 02:58)

Re: INFO: Bad HTTP_REFERER

Take it easy on me I'm a newbie! 8)

Reinatlled PunBB again (like the 6th time, LOL),  logged in as admin.

Then I clicked on 'admin', clicked on 'show info' next to PHP (is this the page you wanted me to check?). Did a quick search for _SERVER["HTTP_REFERER"] but nothing poped up. So I manually searched the phpinfo() page and still didn't find it. So next I looked for 'admin_index.php' on the page and found a reference to 'admin_index.php' under Apache Environment and PHP Variables but nothing about HTTP_REFERER. Couldn't find any reference to base_url either. I looked under the PHP Variables and found my IP listed in many places on there but there wasn't a _SERVER["HTTP_REFERER"] anywhere on that page.

I then backed out and went to admin>options>base url and its the same I entered at install:
http://00.000.000.00/bbs (my real static IP instead of zeros ofcourse) and even when I install PunBB as just localhost while offline I still get the same bad http_referer.


When I try any of the admin options (Categories, Forums, Users, Options, Permissions, Censoring, Ranks, Bans, Prune, Maintenance, Reports) I still get the same bad http_referer message.

Oh and and this 6th reinstall I had a 'Guest' user that registered on 1969-12-31! ROFL! And it has my admin name registered twice. I'm totally confused about all this. Sigh. 8(

Re: INFO: Bad HTTP_REFERER

Are you using Opera? In that case, make sure you have referrer logging enabled in the options.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

73 (edited by phrog 2004-08-20 11:37)

Re: INFO: Bad HTTP_REFERER

Nope, never used Opera.

WIN32 (WindowsME)
Firefox 0.9.3
Apache 2.0.50
MySQL 4.0.20a
PHPMyAdmin 2.5.7
PHP 5.0.1
PunBB 1.1.5


Nothing else running except systray, explorer and dialup adapter.

I just woke up, going to try and tweak some stuff again in PunBB. If I can't get it working sometime today I give up on this untill after the weekend.

Time to bust out the caffeine again. 8)

Re: INFO: Bad HTTP_REFERER

Could you post an URL (or maybe e-mail me the URL?) to the boards so we can try it out?

"Programming is like sex: one mistake and you have to support it for the rest of your life."

75 (edited by phrog 2004-08-20 22:23)

Re: INFO: Bad HTTP_REFERER

Email would be ideal since I'd rather not have my IP posted in public.