26

Re: INFO: Bad HTTP_REFERER

http://www.ampsys-electronics.com  <--- this is what I have in the base URL

when I validate the option in the ADMIN PANEL it let me do it fine

it is only when i go to the categories or else I have the error.....

27

Re: INFO: Bad HTTP_REFERER

it works !

~I understood you mean the option base url of the forum , adding the /FORUM makes it !

thanks for your great help

Re: INFO: Bad HTTP_REFERER

No worries mate!

"Programming is like sex: one mistake and you have to support it for the rest of your life."

29

Re: INFO: Bad HTTP_REFERER

I've just fixed my error big_smile

Just didnt have www. there when it should be.

---------> PLEASE REMEMBER I GOT THE FIRST EVER POST OF PUNBB 1.1! <---------
---------> PLEASE REMEMBER I GOT THE FIRST EVER POST OF PUNBB 1.1! <---------

Re: INFO: Bad HTTP_REFERER

It's my first post here and I've just started using punBB some days ago. Nice System! smile

Anyway, I get the Bad Referer error message too. But only at work because here is a firewall installed which filters the referer. I'm cannot disable this so this is a case which can't be solved?

Re: INFO: Bad HTTP_REFERER

Unfortunately not. Well, you could disable it manually, but from a security standpoints it's not very good. If you want to, I will show you how. Just say the word.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Re: INFO: Bad HTTP_REFERER

Thanks for your reply. I got around this by commenting out the rows for the referer check in the source code and undo this when I made my updates. It's not that big problem for me because from home it all works properly. Thanks anyway. smile

Re: INFO: Bad HTTP_REFERER

An easier method is to comment out the code in include/functions.php. I.e. the code in the function confirm_referer. That way you only have to change it in one place.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Re: INFO: Bad HTTP_REFERER

Oh thanks, yeah. I didn't thought about that. Why doing it the easy way when there's a hard way...

35

Re: INFO: Bad HTTP_REFERER

Im working on the forum at my school !
how can i change anything in the forum, when i dont have a URL to enter ??
im behind a router, so i have only LAN ip..
of caurs i can enter the web ip for the router, but how am i suppse to put it ?? and ARGHH !!

i have only ipadress, no domain..
what to do

plz help

Thanks

36

Re: INFO: Bad HTTP_REFERER

A domain name is only a friendly name to a ip address. If you are running Punbb in your local network, just use the IP address for the computer that is running Apache and Punbb. IE: Just enter 192.168.0.5 or what ever your default gateway is.

Do, or do not.

Re: INFO: Bad HTTP_REFERER

I'm having a problem with this as well.

I am using Norton Internet Security, but I have disabled it for my own domains (alinear.net etc.). I am not sure if this 'solves' the problem, but at the same time I don't want to disable it completely just to admin the forums...

I have the base URL set correctly to:
http://www.alinear.net/bbs

I am loggin in by going to the same url (with the www).

No matter what I do ... flush cache... try several different browsers on pc or mac... I get the same http referrer error.

I'd like to disable this protection ... I am not wildly concerned about someone hacking my forums...

So in the 'include' folder, I opened 'functions.php' and cheanged this function like so:

function confirm_referer($script)
{
//    global $pun_config, $lang_common;
//
//    if (!preg_match('#^'.preg_quote($pun_config['o_base_url'].'/'.$script, '#').'#i', $_SERVER['HTTP_REFERER']))
//        message($lang_common['Bad referer']);
}

I commented out the body of the function, leaving it there nulled so whatever calls it won't destory itself somehow.

However I am STILL getting the bad referrer problem!!!?!

I also ran:
http://www.alinear.net/bbs/include/index.html

Assuming maybe this was required in some way?

Is there something I am missing about taking this referrer validation out?

Thanks,
Neil

alinear.net

Re: INFO: Bad HTTP_REFERER

You say you've disabled Norton Internet Security, but you don't know if it solved the problem. Does it help or not?

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Re: INFO: Bad HTTP_REFERER

Sorry I hadn't 'disabled' it per se -- I had 'disabled' it in the browser in the sense that I had it shutting off ad/content filtering.

If I *fully* disable norton (totally shut it down), it works.

But... I'd prefer to not have to do this every time I wanted to mess with the config, at least not while I get the BBS set up initially (will be making frequent small changes and tweaks).

Is there any simple way to temporarily disable the check? I tried commenting out the function (as above) but this does not help -- it still gives me the same issue so long as my firewall isn't disabled.

I'd basically like to disable the check while I get the BBS set up, then put it back when I am done and would likely only change the main config. options infrequently.

Thanks!,
Neil

/ alinear

Re: INFO: Bad HTTP_REFERER

alinear wrote:

Sorry I hadn't 'disabled' it per se -- I had 'disabled' it in the browser in the sense that I had it shutting off ad/content filtering.

But can't you just make Norton not tamper with HTTP_REFERER? There must be some setting for it.

alinear wrote:

Is there any simple way to temporarily disable the check?

No, the only way is to disable it is by commenting out the code you did above.

alinear wrote:

I tried commenting out the function (as above) but this does not help -- it still gives me the same issue so long as my firewall isn't disabled.

That's not possible. If you commented out the code as you showed in your previous post, the referer check is disabled completely. If you were getting the error message even after commenting out that code, you must have been watching a cached version of the page or something. You didn't just forget to upload after you made the changes?

"Programming is like sex: one mistake and you have to support it for the rest of your life."

41 (edited by RNilsson 2004-02-24 07:04)

Re: INFO: Bad HTTP_REFERER

I set my Base Url to exactly 'forum.nonet.org' - without http:// and it gives me Bad Referer in some admin-operations but not all (Managing categories is one where it gives me bad ref)

In include/functions.php

function confirm_referer($script)
{
    global $pun_config, $lang_common;

    if (!preg_match('#^'.preg_quote($pun_config['o_base_url'].'/'.$script, '#').'#i', $_SERVER['HTTP_REFERER']))
        message($lang_common['Bad referer']);
}

Why not try a substr for http:// or https:// and strip them out of both http-referer and base url if present?

Heaven dosen't want me, and hell's afraid I'll take over...
Are YOU ready to post on the forum?

Re: INFO: Bad HTTP_REFERER

It should give you a "Bad referer" message on all operations but updating admin/options.

I'm not sure what good stripping out http:// or https:// from the Base URL would do. The Base URL should contain http:// or equivalent because it is the URL to the forums used in all outgoing e-mail.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Re: INFO: Bad HTTP_REFERER

How about a compromise; strip out the http[,s]:// when doing the referer-check?

Or forcibly put in place (checking to see if there is a http or https first naturally) when installing/updating the base url so it will always be there is the user forgets to set it( or doesn't think it's needs to be there smile...

Just though i'd shine some light on the matter for future updates.

Heaven dosen't want me, and hell's afraid I'll take over...
Are YOU ready to post on the forum?

Re: INFO: Bad HTTP_REFERER

Aha! Now I understand what you mean. Stripping it out when checking the referer isn't an option, but I guess we could make sure that the URL starts with http:// https://.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

45

Re: INFO: Bad HTTP_REFERER

I go into admin_options like this:
http://waseda.lunarpages.com/~login/pun … ptions.php

BASE URL is set to this:
http://waseda.lunarpages.com/~login/punbb

on submit, i get this:

Bad HTTP_REFERER. You were referred to this page from an unauthorized source. Please go back and try again. If the problem persists please make sure that 'Base URL' is correctly set in Admin/Options and that you are visiting the forum by navigating to that URL.

-Norton firewall is off
-Norton  ad blocking is off
-Using Mozilla 1.6 with cache cleared

anything obvious?  I have read whole thread and can't figure it out.

I would really like to try this as alt to phpBB.

Thanks

Re: INFO: Bad HTTP_REFERER

hpmod: Hmm. That can't be right. There is no referer check in admin_options.php. However, we can determine why your referer check is failing. Open up include/functions.php and go to line 606. There, replace:

function confirm_referer($script)
{
    global $pun_config, $lang_common;

    if (!preg_match('#^'.preg_quote($pun_config['o_base_url'].'/'.$script, '#').'#i', $_SERVER['HTTP_REFERER']))
        message($lang_common['Bad referer']);
}

with

function confirm_referer($script)
{
    global $pun_config, $lang_common;

    dump('"'.$pun_config['o_base_url'].'/'.$script.'"', '"'.$_SERVER['HTTP_REFERER'].'"');
}

Then, try it again and then paste what it outputs here.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

47

Re: INFO: Bad HTTP_REFERER

I have this problem also when using admin, I copied and replaced code as directed below



hpmod: Hmm. That can't be right. There is no referer check in admin_options.php. However, we can determine why your referer check is failing. Open up include/functions.php and go to line 606. There, replace:

Code:


function confirm_referer($script)
{
    global $pun_config, $lang_common;

    if (!preg_match('#^'.preg_quote($pun_config['o_base_url'].'/'.$script, '#').'#i', $_SERVER['HTTP_REFERER']))
        message($lang_common['Bad referer']);
}

with

Code:


function confirm_referer($script)
{
    global $pun_config, $lang_common;

    dump('"'.$pun_config['o_base_url'].'/'.$script.'"', '"'.$_SERVER['HTTP_REFERER'].'"');
}


And my output is below



"http://branchville-sc.com/punbb-1.1.3/u … gories.php"

"http://www.branchville-sc.com/punbb-1.1 … gories.php"

I have tried every url combination possible , and still cannot find fix

Re: INFO: Bad HTTP_REFERER

Well, the output tells me that you have branchville-cs.com in your base URL, but you visit the forums by going to www.branchville-sc.com. Try adding the www. part to your base URL.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

49

Re: INFO: Bad HTTP_REFERER

Rickard wrote:

Well, the output tells me that you have branchville-cs.com in your base URL, but you visit the forums by going to www.branchville-sc.com. Try adding the www. part to your base URL.


Thanks, That fixed it!http://punbb.org/forums/img/Oxygen_new.png

50 (edited by AznCFrk 2004-04-23 02:28)

Re: INFO: Bad HTTP_REFERER

Rickard wrote:
alinear wrote:

Sorry I hadn't 'disabled' it per se -- I had 'disabled' it in the browser in the sense that I had it shutting off ad/content filtering.

But can't you just make Norton not tamper with HTTP_REFERER? There must be some setting for it.

alinear wrote:

Is there any simple way to temporarily disable the check?

No, the only way is to disable it is by commenting out the code you did above.

alinear wrote:

I tried commenting out the function (as above) but this does not help -- it still gives me the same issue so long as my firewall isn't disabled.

That's not possible. If you commented out the code as you showed in your previous post, the referer check is disabled completely. If you were getting the error message even after commenting out that code, you must have been watching a cached version of the page or something. You didn't just forget to upload after you made the changes?

Same thing is happening to me.  I commented it out, but it still shows it.

This is what I have done so far:
- Norton Internet Security = ON
- Cleared cache
- Used IE and Firefox
- Base URL set as http://chaosgamers.com/forums
- Accessed by http://chaosgamers.com/forums/admin_options.php
- Commented out the function
- Replaced commented function with "dump" script
- STILL GETTING BAD HTTP_REFERRER ERROR!!

I really wnat this to be an alternative to phpBB like that other guy.  I'm getting fustrated and might switch back.  I don't get whats the problem.

edit: i disabled norton for a few seconds and hit submit... it worked... as soon as i turn it back on, it doesnt work. how can i completly REMOVE the check? commenting it out does not work for me...